feat(siem-soar): implement full SIEM/SOAR roadmap #23

Merged
bb-connor merged 3 commits into main from siem
Feb 4, 2026

@bb-connor
Collaborator

Summary

Implements the SIEM/SOAR roadmap in docs/plans/siem-soar/ end-to-end.

  • Adds hushd SIEM/SOAR export pipeline (canonical SecurityEvent, privacy controls, batching/retry, rate limiting, DLQ, exporter health/metrics)
  • Adds exporters + transforms: Splunk HEC, Elastic (ECS + optional init), Datadog (logs/metrics), Sumo Logic, PagerDuty/OpsGenie, Slack/Teams + templated generic webhooks
  • Adds STIX/TAXII threat intel ingestion + guard integration
  • Adds TypeScript SDK parity under @clawdstrike/sdk (siem namespace)
  • Adds deployable template artifacts under deploy/siem-soar/
  • Consolidates the per-platform specs into a single plan doc: docs/plans/siem-soar/roadmap.md

Test Plan

  • cargo fmt --check
  • cargo clippy --workspace --all-targets --all-features
  • cargo test -p hushd
  • cd packages/hush-ts && npm test --silent && npm run typecheck --silent && npm run build --silent

- hushd: canonical SecurityEvent + exporter manager (batching/retry/DLQ/rate-limit)
- exporters: Splunk, Elastic, Datadog, Sumo, PagerDuty/OpsGenie, Slack/Teams/webhooks
- threat intel: STIX/TAXII polling + guard integration
- hush-ts: siem namespace with exporters/transforms/threat-intel
- deploy assets + consolidated roadmap docs

@bb-connor
Collaborator Author

@codex

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Hooray!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@bb-connor merged commit ad9143d into main Feb 4, 2026
22 checks passed
@bb-connor deleted the siem branch February 4, 2026 16:02