[codex] Sync docs after sbom-diff-and-risk v0.6.0 release

[stacknil]

Brief Design Summary

This PR syncs reviewer-facing documentation after the sbom-diff-and-risk v0.6.0 GitHub Release.

It updates the repository landing page, reviewer brief, and reviewer evidence pack so current-release and latest-release wording points at v0.6.0 instead of the older v0.5.x releases. The evidence pack now uses the v0.6.0 wheel, sdist, checksum manifest, release view, and attestation examples.

This is a documentation-only post-release cleanup. It does not change runtime behavior, workflows, package metadata, release tags, or PyPI/TestPyPI publishing configuration.

Files Changed

• README.md
• tools/sbom-diff-and-risk/docs/reviewer-brief.md
• tools/sbom-diff-and-risk/docs/reviewer-evidence-pack.md

Validation

• git diff --check HEAD~1 HEAD
• Searched the scoped public docs for stale v0.5.0 / v0.5.1 current-release wording.
• Confirmed the diff is docs-only and does not touch runtime source, workflows, package metadata, versions, tags, or publishing configuration.

Out of Scope

• No runtime changes
• No workflow changes
• No package version changes
• No new tag or GitHub Release
• No PyPI/TestPyPI publishing
• No production PyPI workflow

[stacknil]

checked common bidi controls; no matches

[stacknil]

Reviewed. Scope is clean.

This PR only syncs reviewer-facing docs after the v0.6.0 release:

• root README current release wording
• reviewer brief current released version
• reviewer evidence pack release/asset/attestation examples

Confirmed boundaries:

• docs-only
• no runtime changes
• no workflow changes
• no package version changes
• no tag or GitHub Release
• no PyPI/TestPyPI publishing
• no production PyPI workflow

Approved to merge after required checks/review gate are satisfied.

[stacknil]

Ran a broader Unicode Cf/Cc scan on the touched Markdown files; no non-tab/newline control or format characters found. GitHub’s warning appears non-blocking for this docs-only PR.