Add enterprise artifact hub configuration and consolidate GitHub API helpers

[WilliamBerryiii]

Summary

Add enterprise artifact hub configuration to HVE Core, allowing organizations behind firewalls or air-gapped networks to redirect tool downloads, PowerShell module installs, and GitHub API calls to internal mirrors or artifact proxies. Consolidate GitHub API helpers into the shared SecurityHelpers module using the GraphQL API.

Changes

Enterprise Artifact Hub Configuration

• Add HVE_* environment variables (HVE_GITHUB_RELEASES_URL, HVE_GITHUB_API_URL, HVE_PSGALLERY_REPOSITORY, HVE_PSGALLERY_SOURCE_URL, HVE_DEVCONTAINER_IMAGE) with public defaults
• Parameterize .devcontainer/devcontainer.json image and remoteEnv block
• Parameterize .devcontainer/scripts/on-create.sh download URLs and PSGallery configuration
• Parameterize .github/workflows/copilot-setup-steps.yml with vars.* repository variables
• Add .github/actionlint.yaml config-variable entries for the new vars
• Add docs/customization/enterprise-artifact-hub.md configuration guide

GitHub API Consolidation

• Refactor Test-GitHubToken from REST /rate_limit to GraphQL /graphql endpoint
• Add Get-GitHubApiBase helper that reads HVE_GITHUB_API_URL with public default
• Consolidate API base URL usage across security scripts (Test-SHAStaleness.ps1, Update-ActionSHAPinning.ps1, Test-DependencyPinning.ps1)

Test Updates

• Update Test-GitHubToken tests for the new GraphQL response shape (Valid, Authenticated, RateLimit, Remaining, ResetAt, User, Message)
• Add edge case tests: unauthenticated GraphQL access, low rate-limit warning threshold, malformed GraphQL response handling

Documentation Validation

• All HVE_* variable cross-references in enterprise-artifact-hub.md verified against actual usage in devcontainer.json, on-create.sh, and copilot-setup-steps.yml