Replace fmt/strings/path/filepath with core.Sprintf, core.Lower, core.Upper, core.Split,
core.SplitN, core.Trim, core.Join, core.Contains, core.NewBuilder, core.Path across
ai/, cmd/metrics/, and cmd/security/. Add Bad/Ugly test coverage for the untested
security package (AlertSummary, filterBySeverity, buildTargetRepo, buildJobIssueBody).
os/exec kept for gh CLI invocations (no core equivalent in dep graph).
encoding/json kept for MarshalIndent (no core.JSONMarshalIndent yet).
Co-Authored-By: Virgil <virgil@lethean.io>
aff8ff4b3b