docs: add Strapi case study

[sonukapoor]

Add a full case study for Strapi (strapi/strapi) documenting findings from a CVE Lite CLI scan of its yarn.lock.

Key narratives:

• sanitize-html critical XSS with no fix — same vulnerability found in Ghost, connecting two major CMS platforms
• Direct vs transitive split: lodash and minimatch are directly fixable; criticals run through transitive chains
• html-minifier with no fix (same as Ghost)
• 27 findings across a Yarn Classic lockfile

Follows the standard case study template. Part of the ongoing real-world validation series.

[Ayush7614]

Hi @sonukapoor — I'd like to take this one if it's available.

Plan would match the existing case study workflow (Astro / Storybook / Turborepo):

• Pin a specific upstream commit from strapi/strapi
• Add the lockfile snapshot to examples/strapi/
• Run CVE Lite + native audit locally and document verified baseline results
• Write website/docs/case-studies/strapi.md following the standard template (sanitize-html / html-minifier no-fix narrative, direct vs transitive split, Ghost CMS connection)

Happy to open a PR if you're good with me picking this up.

[Ayush7614]

Case study PR opened: #593 — verified scan at e666ee26 (2,887 packages, 29 findings, 6 fix groups, 12/29 coverage). Pin updated in examples/strapi/.