docs: add Strapi case study (#373) #593

Open

Ayush7614 wants to merge 1 commit into OWASP:main from Ayush7614:ayush21

@Ayush7614 Ayush7614 commented Jun 9, 2026

Summary

  • Adds verified Strapi case study at strapi/strapi@e666ee2 — 2,887 packages, 29 findings (1 critical · 12 high · 13 medium · 3 low)
  • Updates examples/strapi/ lockfile snapshot (Yarn Berry 4.12.0) and documents six fix command groups covering 12/29 findings
  • Highlights CMS parallels with Ghost (html-minifier no-fix), direct lodash/qs fixes vs transitive critical handlebars chain, and mixed minimatch remediation paths
  • Documents yarn npm audit limitation on lockfile-only Yarn Berry catalog snapshots (same class as Storybook)

Closes #373

Verified scan output

Parsed 2887 packages from yarn-lock (yarn.lock)
Found 29 packages (61 CVEs) with known OSV matches
Critical: 1 | High: 12 | Medium: 13 | Low: 3
6 command groups ready across 12 packages (1 critical, 2 high, 3 medium)
Running all commands above should fix 12 of 29 findings.

Key generated commands:

yarn upgrade handlebars
yarn add lodash@4.18.0
yarn upgrade axios && yarn upgrade cross-spawn && yarn upgrade minimatch && yarn upgrade tmp
yarn add qs@6.15.2
yarn upgrade brace-expansion && yarn upgrade ejs && yarn upgrade tough-cookie
yarn add @swc/cli@0.8.1 lint-staged@15.4.2

Test plan

  • npm run build
  • node dist/index.js examples/strapi --verbose --all — 29 findings, 6 command groups, 12/29 coverage
  • Case study numbers match live scan JSON (cve-lite-scan-2026-06-09T07-16-34.json)
  • yarn npm audit attempted on fixture — fails with catalog protocol error (documented in case study)
  • Docusaurus site builds (if CI runs on PR)

Document strapi/strapi at e666ee2 (2,887 packages, 29 findings) with CMS
parallel to Ghost on html-minifier, direct lodash/qs fixes, and six fix groups.

Closes OWASP#373
@Ayush7614

cc: @sonukapoor
