socket scan create --reach now maps socket.json's per-ecosystem manifest
build-tool options (bin, include/exclude-configs, gradle/sbt opts) into a
Coana-defined AutoManifestConfig and passes it to `coana run` via
--auto-manifest-config (a temp JSON file path Coana reads), so reach-time
dependency resolution invokes the build tool the way the project is configured
rather than with defaults. Under --auto-manifest the config also carries
top-level failOnBuildToolError=true (fail-closed: Coana treats a build-tool
step failure as fatal instead of tolerating it); plain --reach leaves it unset
and stays permissive.

This is the socket-cli side of the manifest-flag-propagation gap. The Coana
`--auto-manifest-config` option is not yet released, so this must not ship
until Coana publishes it and the pinned @coana-tech/cli is bumped; until then
it is exercised via SOCKET_CLI_COANA_LOCAL_PATH.

- add src/utils/auto-manifest-config.mts: BuildToolOptions/AutoManifestConfig
  types + buildAutoManifestConfig (socket.json -> config) + tests
- ReachabilityOptions.autoManifestConfig; write the config to a temp file and
  pass its path to coana run, cleaning it up after
- build the config at the cmd-scan-create assembly point

Only forward the socket.json build-tool config to `coana run` when the
resolved Coana version supports `--auto-manifest-config` (>= 15.4.1).
Passing the flag to an older Coana, pinned via --reach-version, would abort
the run on an unknown flag; we now skip it and warn instead. A local Coana
build (SOCKET_CLI_COANA_LOCAL_PATH) has no resolvable version and is treated
as supported.

Also drop internal tracker references from source comments.

Coana is pinned to a specific version in the CLI, so gating
--auto-manifest-config on a minimum version added no real safety; remove
coanaSupportsAutoManifestConfig and forward the config unconditionally
when non-empty. Move the temp config file cleanup into a finally block so
it runs even if the Coana run throws.