Expand description
The scan command: parse ScanArgs, run the audit pipeline (config → fleet
scan → assemble → enrich → reachability → render), and return the exit code.
Also hosts the --why/--explain short-circuits and -f vex parameter build.