test: sanitize customer references in FOSSA reference fixtures

Replace customer org ID and project name with generic placeholders
(1234/example-validation-project) across all four fixtures and the README.
Structural shape, key sets, value types, and per-field cardinality are
unchanged. Parity tests assert keysets only, so the substitution is
transparent to test behavior.

Author: flowstate

tests/fixtures/fossa/README.md

@@ -1,10 +1,18 @@
 # FOSSA reference fixtures
 
-Captured from a UiPath Azure DevOps pipeline (CE-199, build 12109922) for parity testing.
+Real `fossa analyze` and `fossa report --json attribution` artifacts captured
+from a representative Azure DevOps FOSSA pipeline run, used as the
+structural-parity baseline for `--legal-format fossa` output.
 
-- `fossa-analyze-populated.json` — composed FOSSA analyze artifact with 11 vulnerabilities.
-- `fossa-analyze-empty.json` — composed FOSSA analyze artifact with zero vulnerabilities.
-- `fossa-sbom-populated.json` — `fossa report --json attribution` output with direct + deep dependencies.
-- `fossa-sbom-empty-deep.json` — attribution output with empty `deepDependencies`.
+Customer-identifying values (org IDs, project names) have been sanitized; the
+structural shape, key sets, value types, and per-field cardinality match the
+real artifacts byte-for-byte aside from those substitutions.
 
-Source assets retained at `assets/` (gitignored) for reference. These four files are the structural-parity baseline.
+- `fossa-analyze-populated.json` — composed FOSSA analyze artifact with
+  vulnerabilities present.
+- `fossa-analyze-empty.json` — composed FOSSA analyze artifact with zero
+  vulnerabilities.
+- `fossa-sbom-populated.json` — `fossa report --json attribution` output with
+  direct + deep dependencies.
+- `fossa-sbom-empty-deep.json` — attribution output with empty
+  `deepDependencies`.

tests/fixtures/fossa/fossa-analyze-empty.json

@@ -1,11 +1,11 @@
 {
   "project": {
     "branch": "refs/heads/master",
-    "id": "custom+6060/DevTools-Validation-Pipeline-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux",
-    "project": "6060/DevTools-Validation-Pipeline",
-    "projectId": "custom+6060/DevTools-Validation-Pipeline",
+    "id": "custom+1234/example-validation-project-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux",
+    "project": "1234/example-validation-project",
+    "projectId": "custom+1234/example-validation-project",
     "revision": "12109922-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux",
-    "url": "https://app.fossa.com/account/saml/6060?next=/projects/custom%252b6060%252fDevTools-Validation-Pipeline/refs/branch/refs%252fheads%252fmaster/12109922-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux"
+    "url": "https://app.fossa.com/account/saml/1234?next=/projects/custom%252b1234%252fexample-validation-project/refs/branch/refs%252fheads%252fmaster/12109922-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux"
   },
   "vulnerability": [],
   "licensing": [],