[PAR-805] Add Claude configuration and capability definitions

[mescalantea]

What is the goal?

Bring this repo in line with the Claude Code tooling added across seQura repos under PAR-805 (integration-core#63, magento2-core#116, woocommerce-sequra#164), adapted to this repo as a published Composer library. Adds a tracked permission policy and keeps the Claude tooling out of the distributed package.

References

• Issue: https://sequra.atlassian.net/browse/PAR-805

How is it being implemented?

• .claude/settings.json — tracked team permission policy scoped to this repo's real tooling (no bin/ wrappers like the plugin repos): allows vendor/bin/phpunit, composer, php -l, read-only git, and the sq-git:* skills; denies reading .env*/*.pem/*.key; asks before git push.
• .gitattributes — adds export-ignore for /CLAUDE.md and /.claude/ so the Claude tooling is excluded from the package installed via Composer (git archive), consistent with the existing dev-file exclusions.

Personal prefs stay in the untracked settings.local.json.

Caveats

Scope is intentionally minimal vs. the sibling PRs. Git hooks / setup.sh were omitted: this repo has no QA CI to mirror (only packagist.yml), no phpcs/phpstan config, and the PHPUnit suite needs a live MySQL DB so it can't run unattended in a hook. A version-bump skill was also omitted — the library has no version in composer.json (Packagist uses git tags).

How is it tested?

.claude/settings.json validated as JSON; .gitattributes export-ignore confirmed via git archive (Claude tooling excluded from the published artifact).

How is it going to be deployed?

Standard deployment. Developer-only tooling — not part of the distributed Composer package.

[m1k3lm]

Approving — tooling/docs-only, low risk. Verified every class CLAUDE.md references exists at its documented path. Two non-blocking nits left inline (a doc version mismatch and a permission-pattern consistency tweak); happy to push the fix if you'd rather not.