fix: instantiate rsr-template placeholders left generic from scaffold

Five files retained rsr-template-repo placeholder text from when the
template was used to scaffold panic-attack. The estate is starting to
consume these files via dogfood checks / OpenSSF Scorecard / assail's
own self-scan, so generic placeholders surface as real audit findings.

LICENSE:
  Body was GNU AGPL-3.0-or-later despite every other surface declaring
  MPL-2.0 (Cargo.toml SPDX header, README.adoc badge, 0-AI-MANIFEST.a2ml,
  LICENSES/MPL-2.0.txt present). Replaced with the MPL-2.0 text already
  shipped under LICENSES/MPL-2.0.txt + the canonical SPDX prefix line.
  No carve-out memory exists for panic-attack (unlike echidna's
  intentional MPL-docs-over-AGPL-LICENSE split or idaptik's intentional
  AGPL-throughout).

CODE_OF_CONDUCT.md:
  - Stripped the TEMPLATE INSTRUCTIONS block (lines 3–21).
  - Replaced `language-bridges` → `panic-attack` (pledge text + Questions
    discussions URL).
  - Filled `{{CONDUCT_EMAIL}}` → `j.d.a.jewell@open.ac.uk` (matches the
    maintainer email already in SECURITY.md, Cargo.toml etc.).
  - Filled `{{CONDUCT_TEAM}}` → `panic-attack maintainers`.
  - Filled `{{RESPONSE_TIME}}` → `48 hours` (matches SECURITY.md SLA).

.github/ISSUE_TEMPLATE/bug_report.md:
  Stock GitHub bootstrap template was prompting for iOS / browser /
  smartphone metadata against a Rust CLI/library. Replaced with
  Rust-domain fields: panic-attack version, rustc version, target source
  language under scan, sub-command involved, relevant config files
  (`.hypatia-ignore`, `.trusted-base-ignore`, audits a2ml).

.github/ISSUE_TEMPLATE/feature_request.md:
  Stock GitHub template polished into a domain-specific shape: detector
  / sub-command / schema-version impact / hypatia-vs-panic-attack
  layering / cross-repo wiring (hypatia#358 fact-source consumption etc).

.github/ISSUE_TEMPLATE/custom.md:
  Empty stub with `about: Describe this issue template's purpose here.`
  deleted — no panic-attack-specific use case justifies keeping it.

SECURITY.md:
  Supported-versions table claimed 0.2.x supported, 0.1.x unsupported.
  Actual Cargo.toml version is 2.5.0. Updated to 2.5.x supported,
  < 2.5 unsupported.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,38 +1,37 @@
 ---
 name: Bug report
-about: Create a report to help us improve
+about: Report a panic-attack defect (false-positive rule, runtime crash, schema breakage, missed detection)
 title: ''
-labels: ''
+labels: bug
 assignees: ''
 
 ---
 
 **Describe the bug**
-A clear and concise description of what the bug is.
+A clear and concise description of what went wrong. If this is a detector firing where it shouldn't (false positive) or NOT firing where it should (false negative), say so explicitly.
 
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
+**Reproduction**
+Minimal steps to reproduce:
+1. `panic-attack <subcommand> <args>` …
+2. Against fixture / repo at … (link or attach minimal sample)
+3. Observed: …
+4. Expected: …
 
-**Expected behavior**
-A clear and concise description of what you expected to happen.
+**Sample output**
+If applicable, paste the JSON / A2ML report excerpt that demonstrates the issue:
 
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
+```
+<paste output here>
+```
 
-**Desktop (please complete the following information):**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
-
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, safari]
- - Version [e.g. 22]
+**Environment**
+- panic-attack version: `panic-attack --version` →
+- Rust toolchain: `rustc --version` →
+- OS / arch:
+- Target source language(s) under scan (Rust / Haskell / Idris2 / Coq / Lean / Agda / Isabelle / Chapel / …):
+- Sub-command involved (`assail` / `bridge` / `verisimdb` / `assault` / …):
 
 **Additional context**
-Add any other context about the problem here.
+- Has the same input run cleanly in a prior version? If so, which?
+- Any relevant config (`.hypatia-ignore`, `.trusted-base-ignore`, `audits/assail-classifications.a2ml`)?
+- Suspected detector / file in `src/assail/analyzer.rs` or similar?

.github/ISSUE_TEMPLATE/custom.md

@@ -1,20 +1,27 @@
 ---
 name: Feature request
-about: Suggest an idea for this project
+about: Propose a new detector, sub-command, output schema, or integration for panic-attack
 title: ''
-labels: ''
+labels: enhancement
 assignees: ''
 
 ---
 
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+**What problem does this solve?**
+Describe the gap or pain point — what does panic-attack currently miss / get wrong / make awkward? Cite a real-world finding or workflow where possible.
 
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
+**Proposed solution**
+What would the new behaviour look like? If this is a new detector, what does it match, and what's the false-positive avoidance plan? If a new sub-command, what's its surface (`panic-attack <name> [args]`)?
 
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
+**Alternatives considered**
+- Could this be expressed by an existing detector + classification?
+- Could it live downstream in hypatia (rule layer) instead of panic-attack (detector layer)?
+- Could `audits/assail-classifications.a2ml` cover it via classification entries?
+
+**Impact / scope**
+- Estate repos likely to benefit:
+- Schema / output changes (would this bump `schema_version`?):
+- Cross-repo wiring (hypatia#358 fact-source consumption, bridge-classifier downstream, etc.):
 
 **Additional context**
-Add any other context or screenshots about the feature request here.
+Links to motivating findings, related issues, or upstream tooling that informs the design.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,28 +1,8 @@
 # Code of Conduct
 
-<!-- 
-============================================================================
-TEMPLATE INSTRUCTIONS (delete this block before publishing)
-============================================================================
-Replace all {{PLACEHOLDER}} values:
-  language-bridges     - Your project name
-  hyperpolymath            - GitHub/GitLab username or org
-  language-bridges             - Repository name
-  {{CONDUCT_EMAIL}}    - Email for conduct reports
-  {{CONDUCT_TEAM}}     - Name of conduct team/committee
-  {{RESPONSE_TIME}}    - Initial response SLA (e.g., 48 hours)
-  2026     - Current year
-
-Review and customise:
-- Adjust enforcement ladder for your community size
-- Add/remove examples based on your context
-- Ensure contact methods work for your team
-============================================================================
--->
-
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in language-bridges a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, colour, religion, or sexual identity and orientation.
+We as members, contributors, and leaders pledge to make participation in panic-attack a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, colour, religion, or sexual identity and orientation.
 
 We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
 
@@ -136,7 +116,7 @@ If you experience or witness unacceptable behaviour, or have any other concerns,
 
 | Method | Details | Best For |
 |--------|---------|----------|
-| **Email** | {{CONDUCT_EMAIL}} | Detailed reports, sensitive matters |
+| **Email** | j.d.a.jewell@open.ac.uk | Detailed reports, sensitive matters |
 | **Private Message** | Contact any maintainer directly | Quick questions, minor issues |
 | **Anonymous Form** | [Link to form if available] | When you need anonymity |
 
@@ -152,8 +132,8 @@ If you experience or witness unacceptable behaviour, or have any other concerns,
 
 **What Happens Next**
 
-1. You will receive acknowledgment within **{{RESPONSE_TIME}}**
-2. The {{CONDUCT_TEAM}} will review the report
+1. You will receive acknowledgment within **48 hours**
+2. The panic-attack maintainers will review the report
 3. We may ask for additional information
 4. We will determine appropriate action
 5. We will inform you of the outcome (respecting others' privacy)
@@ -169,7 +149,7 @@ All reports will be handled with discretion:
 
 ### Conflicts of Interest
 
-If a {{CONDUCT_TEAM}} member is involved in an incident:
+If a panic-attack maintainers member is involved in an incident:
 
 - They will recuse themselves from the process
 - Another maintainer or external party will handle the report
@@ -179,7 +159,7 @@ If a {{CONDUCT_TEAM}} member is involved in an incident:
 
 ## Enforcement Guidelines
 
-The {{CONDUCT_TEAM}} will follow these guidelines in determining consequences:
+The panic-attack maintainers will follow these guidelines in determining consequences:
 
 ### 1. Correction
 
@@ -231,13 +211,13 @@ For contributors with elevated access (Perimeter 2 or 1):
 If you believe an enforcement decision was made in error:
 
 1. **Wait 7 days** after the decision (cooling-off period)
-2. **Email** {{CONDUCT_EMAIL}} with subject line "Appeal: [Original Report ID]"
+2. **Email** j.d.a.jewell@open.ac.uk with subject line "Appeal: [Original Report ID]"
 3. **Explain** why you believe the decision should be reconsidered
 4. **Provide** any new information not previously available
 
 **Appeals Process**
 
-- Appeals are reviewed by a different {{CONDUCT_TEAM}} member than the original
+- Appeals are reviewed by a different panic-attack maintainers member than the original
 - You will receive a response within 14 days
 - The appeals decision is final
 - You may only appeal once per incident
@@ -310,8 +290,8 @@ We thank these communities for their leadership in creating welcoming spaces.
 
 If you have questions about this Code of Conduct:
 
-- Open a [Discussion](https://github.com/hyperpolymath/language-bridges/discussions) (for general questions)
-- Email {{CONDUCT_EMAIL}} (for private questions)
+- Open a [Discussion](https://github.com/hyperpolymath/panic-attack/discussions) (for general questions)
+- Email j.d.a.jewell@open.ac.uk (for private questions)
 - Contact any maintainer directly
 
 ---