
docs: add Twenty lockfile example and verified case study (#505) #594

Status: Open
Ayush7614 wants to merge 1 commit into OWASP:main from Ayush7614:ayush22


Conversation

Ayush7614 (Contributor) commented Jun 9, 2026

Summary

  • Adds lockfile-only snapshot examples/twenty/ from twentyhq/twenty@fc90b4b (package.json + yarn.lock)
  • Documents verified baseline scan in website/docs/case-studies/twenty.md — largest case study fixture by package count (5,451 packages, 105 findings)
  • Open-source CRM / Nx + Yarn Berry monorepo coverage: 0 direct / 28 transitive / 77 unknown findings
  • Six critical findings (test stack: vitest, happy-dom, @nyariv/sandboxjs; legacy form-data chains)
  • Four fix command groups covering 24/105 findings (Nx parent upgrades + within-range refreshes)
  • yarn npm audit / yarn npm audit -A return no audit suggestions on lockfile-only snapshot (documented)
  • Bundles Twenty logo at website/static/img/twenty-logo.svg

Closes #505

Verified scan output

Parsed 5451 packages from yarn-lock (yarn.lock)
Found 105 packages (167 CVEs) with known OSV matches
Critical: 6 | High: 40 | Medium: 54 | Low: 5
4 command groups ready across 18 packages
Running all commands above should fix 24 of 105 findings.

Key generated commands:

yarn add @nx/js@22.6.4 @nx/react@22.6.0 verdaccio@6.6.0
yarn upgrade @babel/plugin-transform-modules-systemjs && yarn upgrade axios && ...
yarn upgrade ajv && yarn upgrade follow-redirects && ...
yarn add @nx/jest@22.7.2 nx@22.6.5

Note: issue preliminary scan reported 102 findings (v1.18.1, 2026-05-30); verified count at v1.20.0 is 105 due to OSV advisory updates — all numbers in the case study match live scan JSON.

Test plan

  • npm run build
  • node dist/index.js examples/twenty --verbose --all — 105 findings, 4 command groups, 24/105 coverage
  • Case study numbers match live scan JSON (cve-lite-scan-2026-06-09T07-32-56.json)
  • yarn npm audit and yarn npm audit -A attempted — no audit suggestions (documented)
  • Full 105-row baseline findings table included
  • Docusaurus site builds (if CI runs on PR)

Document twentyhq/twenty at fc90b4b (5,451 packages, 105 findings) with
0 direct findings, six critical test-stack chains, and four fix groups.

Closes OWASP#505
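The lockfile-only scan the PR documents, reduced to a minimal Python illustration added here (this is not the project's own scanner): it pulls `resolution` lines out of a Yarn Berry yarn.lock, tags each hit as direct or transitive from package.json, and emits the same two shapes of fix command the PR shows (a pinned `yarn add` for direct packages, a within-range `yarn upgrade` for transitive ones). The lockfile, package.json and advisory table are constructed samples, and the "below first fixed version" check stands in for real OSV version ranges.

```python
import json
import re

# Constructed sample in Yarn Berry lockfile format (not Twenty's real lockfile).
YARN_LOCK = """\
__metadata:
  version: 8

"axios@npm:^1.6.0, axios@npm:^1.7.0":
  version: 1.7.4
  resolution: "axios@npm:1.7.4"
  dependencies:
    follow-redirects: "npm:^1.15.6"

"follow-redirects@npm:^1.15.6":
  version: 1.15.6
  resolution: "follow-redirects@npm:1.15.6"
"""
PACKAGE_JSON = '{"dependencies": {"axios": "^1.7.0"}}'
# Constructed advisory table: package -> first fixed version (hypothetical values).
ADVISORIES = {"axios": "1.7.4", "follow-redirects": "1.15.9"}


def parse_yarn_lock(text):
    """Collect (name, version) pairs from each entry's 'resolution' line."""
    pattern = r'^\s+resolution: "(.+)@npm:([^"]+)"$'
    return {(m.group(1), m.group(2)) for m in re.finditer(pattern, text, re.M)}


def vtuple(version):
    """Numeric (major, minor, patch) for plain semver strings."""
    return tuple(int(x) for x in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())


def scan(lock_text, pkg_json_text, advisories):
    """Flag locked versions below the advisory's fixed version; tag direct vs transitive."""
    pkg = json.loads(pkg_json_text)
    direct = set(pkg.get("dependencies", {})) | set(pkg.get("devDependencies", {}))
    findings = []
    for name, version in sorted(parse_yarn_lock(lock_text)):
        fixed = advisories.get(name)
        if fixed and vtuple(version) < vtuple(fixed):
            findings.append({"name": name, "version": version, "fixed": fixed,
                             "kind": "direct" if name in direct else "transitive"})
    return findings


def fix_commands(findings):
    """Direct deps get a pinned 'yarn add'; transitive ones a within-range 'yarn upgrade'."""
    return [f"yarn add {f['name']}@{f['fixed']}" if f["kind"] == "direct"
            else f"yarn upgrade {f['name']}" for f in findings]
```

Because the snapshot holds only the lockfile, a `yarn upgrade` here is a suggestion to refresh within the declared range; whether the refreshed resolution actually clears the advisory still has to be confirmed by re-scanning the regenerated yarn.lock.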
Ayush7614 (Contributor, Author) commented

cc: @sonukapoor
