fix: фаза 2 — критические фиксы

READМЕ: убрать NEXUS_REPOSITORIES, CREATED→UPDATED, go/npm/Gem→go/npm,
  добавить MAX_CONCURRENT_SCANS, CSV-экспорт, инструкцию по вебхукам Nexus
Dockerfile: uv pip install --system . (единый источник deps — pyproject.toml)
docker-compose: WEBHOOK_SECRET, SCAN_TIMEOUT_SECONDS
pyproject.toml: убрать deprecated [tool.ruff].select
config.py: default из DEFAULT_MAX_CONCURRENT_SCANS
constants.py: убрать GUARDDOG_ERRORS_KEY (мёртвый), .gem из PACKAGE_EXTENSIONS,
  LLM prompt: «Python»→«software»
queries.py: убрать return_total
Makefile: docker-up +--build, docker-down без -v, +docker-destroy,
  +docker-rebuild, убран typecheck

guarddog_nexus/constants.py

@@ -11,7 +11,7 @@ used across the codebase live here to avoid duplication and drift.
 # Unified list of recognised package file extensions.
 # NOTE: webhooks uses this to decide whether to accept an asset;
 # harvester uses it to decide whether to download and scan.
-PACKAGE_EXTENSIONS = (".tar.gz", ".tgz", ".whl", ".zip", ".gem")
+PACKAGE_EXTENSIONS = (".tar.gz", ".tgz", ".whl", ".zip")
 
 # Prefix used in PyPI-style asset paths ("/packages/name/ver/file")
 PYPI_PATH_PREFIX = "packages"
@@ -105,7 +105,6 @@ DEFAULT_MAX_CONCURRENT_SCANS = 4
 GUARDDOG_OUTPUT_KEY = "--output-format"
 GUARDDOG_OUTPUT_FORMAT = "json"
 GUARDDOG_RESULTS_KEY = "results"
-GUARDDOG_ERRORS_KEY = "errors"
 
 SCAN_ERROR_TIMEOUT = "timeout"
 SCAN_ERROR_BINARY_NOT_FOUND = "guarddog_not_found"
@@ -156,7 +155,7 @@ LLM_DEFAULT_MODEL = "gpt-4o-mini"
 LLM_DEFAULT_API_BASE = "https://api.openai.com/v1"
 LLM_DEFAULT_TIMEOUT = 30
 LLM_ANALYSIS_SYSTEM_PROMPT = (
-    "You are a security analyst reviewing GuardDog findings for a Python package. "
+    "You are a security analyst reviewing GuardDog findings for a software package. "
     "Given a finding (rule name, severity, message, code snippet, location), "
     "provide a concise security analysis in 2-3 paragraphs. "
     "Assess whether this is likely a real threat or a false positive. "