pub fn run_scan( config_path: &Path, target_paths: &[PathBuf], ) -> Result<ScanResult, ScanError>
Run a full scan: parse config, build rules, walk files, collect violations.