feat: add exhaustive-path-tracing to security audit template

Add the exhaustive-path-tracing protocol to the investigate-security
template for systematic deep analysis of parser and decoder functions
that process untrusted structured input.

Changes:
- Add exhaustive-path-tracing to template protocol list (optional,
  applied selectively to parser/decoder functions)
- Add instruction 7 with criteria for identifying functions that
  warrant deep path tracing (multi-field decode, inter-value
  arithmetic, iteration over decoded elements)
- Add specific attention items: inter-value arithmetic validation,
  loop-carried invariant gaps, truncation after bounds check
- Expand investigation plan from 5 to 7 steps, adding parser
  identification (step 3) and deep-dive (step 5)
- Add coverage ledger requirement to quality checklist
- Update manifest.yaml protocol list and description
- Add investigate-security to exhaustive-path-tracing applicable_to

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: Alan-Jowett

manifest.yaml

@@ -1349,9 +1349,11 @@ templates:
       path: templates/investigate-security.md
       description: >
         Security audit of code or a system component. Systematic
-        vulnerability analysis with severity classification.
+        vulnerability analysis with severity classification. Applies
+        exhaustive path tracing selectively to parser/decoder functions
+        that handle untrusted structured input.
       persona: security-auditor
-      protocols: [anti-hallucination, self-verification, operational-constraints, adversarial-falsification, security-vulnerability]
+      protocols: [anti-hallucination, self-verification, operational-constraints, adversarial-falsification, security-vulnerability, exhaustive-path-tracing]
       taxonomies: [stack-lifetime-hazards]
       format: investigation-report