
[FEATURE] Add --threshold flag to fail CI/CD builds when security score is below a minimum #46

@advaitpatel


Feature Request

Add a `--threshold` CLI flag that causes DockSec to exit with a non-zero code when the computed security score falls below a user-defined minimum. This is the single most-requested integration feature for CI/CD pipelines — it enables teams to enforce security gates automatically.

Proposed Usage

```
# Fail the build if score < 70
docksec Dockerfile -i myapp:latest --threshold 70

# In GitHub Actions / Jenkins / GitLab CI:
- run: docksec Dockerfile -i $IMAGE --threshold 80
  # Step fails if security score < 80, blocking the deployment
```

Expected Behavior

```
DockSec Security Score: 64/100

[FAILED] Security score 64 is below the required threshold of 70.
         Deployment blocked. Fix the issues above and re-scan.

Exit code: 1
```

```
DockSec Security Score: 87/100

[PASSED] Security score 87 meets the required threshold of 70.

Exit code: 0
```

Implementation Plan

  1. Add `--threshold` argument to `docksec.py` argparse (integer, 0–100, default: None)
  2. After score calculation, compare score against threshold
  3. Print a clear PASS/FAIL message with Rich console formatting
  4. Exit with code `1` on failure, `0` on pass
  5. Threshold of `None` (not provided) = current behavior (always exit 0)
  6. Add `--threshold` to `--scan-only` mode too (use rule-based score, no LLM needed)

Edge Cases to Handle

  • `--threshold 0` → always pass (warn user this is a no-op)
  • `--threshold 100` → valid (very strict gate)
  • `--threshold 101` or negative → argparse error before scan starts
  • Score calculation failure → warn and exit 2 (infrastructure error, not a security failure)

CLI Argument Addition (`docksec.py`)

```python
import argparse


def threshold_score(value: str) -> int:
    """argparse type for --threshold: an integer in [0, 100].

    Out-of-range or non-integer values are rejected by argparse before the
    scan starts (see the edge cases above).
    """
    score = int(value)  # non-integer input raises ValueError -> argparse usage error
    if not 0 <= score <= 100:
        raise argparse.ArgumentTypeError(
            f"threshold must be between 0 and 100, got {score}"
        )
    return score


parser.add_argument(
    "--threshold",
    type=threshold_score,
    metavar="SCORE",
    default=None,
    help="Minimum security score (0-100). Exit with code 1 if score is below this value. "
         "Useful for CI/CD pipeline gates. Example: --threshold 70",
)
```

Acceptance Criteria

  • `--threshold N` exits 1 when score < N
  • `--threshold N` exits 0 when score >= N
  • Threshold validation rejects values outside [0, 100]
  • Works with both AI-scored and rule-based (`--scan-only`) modes
  • Clear PASS/FAIL output with score and threshold shown
  • Unit tests for threshold logic
  • README updated with CI/CD example
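As an added example (not DockSec's own code), the gate described by the implementation plan and edge cases above, collected into one function so the exit-code rules can be unit tested in isolation; `evaluate_gate` and `GateResult` are names chosen here, not from the project.

```python
"""Added example: the --threshold gate logic proposed in this issue (not DockSec code)."""
from dataclasses import dataclass
from typing import Optional

EXIT_PASS, EXIT_FAIL, EXIT_INFRA = 0, 1, 2  # pass, security failure, infrastructure error


@dataclass
class GateResult:
    exit_code: int
    message: str


def evaluate_gate(score: Optional[int], threshold: Optional[int]) -> GateResult:
    """Apply the threshold gate.

    score: computed security score (0-100), or None if score calculation failed.
    threshold: value of --threshold, or None when the flag was not given.
    """
    if threshold is None:
        # Flag not provided: current behaviour, always exit 0.
        return GateResult(EXIT_PASS, "No threshold set; build is not gated.")
    if not 0 <= threshold <= 100:
        # argparse validation should have rejected this already; defend anyway.
        raise ValueError(f"threshold must be within [0, 100], got {threshold}")
    if score is None:
        # Scoring failed: infrastructure error, deliberately distinct from exit 1.
        return GateResult(EXIT_INFRA, "[ERROR] Security score could not be computed. "
                          "Exiting 2 (infrastructure error, not a security failure).")
    if threshold == 0:
        # Valid but useless gate: every score passes, so warn the user.
        return GateResult(EXIT_PASS, "[PASSED] --threshold 0 is a no-op: every score passes.")
    if score < threshold:
        return GateResult(EXIT_FAIL, f"[FAILED] Security score {score} is below the required "
                          f"threshold of {threshold}.\n         Deployment blocked. "
                          "Fix the issues above and re-scan.")
    return GateResult(EXIT_PASS, f"[PASSED] Security score {score} meets the required "
                      f"threshold of {threshold}.")


if __name__ == "__main__":
    # Constructed demo inputs, using the scores and thresholds quoted in the issue.
    for score, threshold in [(64, 70), (87, 70), (50, None), (None, 70), (10, 0)]:
        result = evaluate_gate(score, threshold)
        print(result.message, "-> exit", result.exit_code)
```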

Labels: enhancement (New feature or request)