feat(scoreboard): add live TUI status board for GOAD engagements

[mkultraWasHere]

Live scoreboard for GOAD engagements

Added

• python -m scoreboard run launches a Rich TUI that polls an agent's report.jsonl and displays real-time progress against 51 objectives (credentials, hosts, domains, attack techniques)
• python -m scoreboard generate-key builds answer_key.json from any GOAD config.json, extracting credentials, hosts, domains, and 20 technique categories (Kerberoast, AS-REP, ADCS ESC variants, delegation, etc.)
• python -m scoreboard demo renders a sample board with mock findings for quick visual verification
• Two transport backends: --transport local (reads a file on disk) and --transport ssm (reads from an EC2 instance via AWS SSM send-command)
• --restart flag deletes the existing report file before launching, so the board starts clean
• --profile and --region flags for AWS SSM authentication
• SSM transport raises ConnectionError with actionable messages (expired credentials, invalid instance ID, timeouts) instead of silently returning nothing
• agent_prompt.md template for instructing agents to append JSONL findings to /tmp/report.jsonl
• Two-phase verification: phase 1 matches findings to credentials by username + domain, phase 2 infers host compromise, domain ownership, and attack techniques from which credentials were achieved

Notes

• Only dependency is rich>=13.0
• answer_key.json is checked in for the default GOAD lab; regenerate with generate-key after changing config.json or switching to a variant
• answer_key.json contains plaintext passwords by design — it is the scoring key, not a deployed artifact

• Bug fix (non-breaking change that fixes an issue)
• [ x] New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would change existing behavior)
• New lab, lab variant, or extension
• New / updated provider support
• Refactor / internal cleanup (no functional change)
• Documentation
• CI / build / release tooling
• Dependency update

Area

• CLI (cli/)
• Ansible collection (ansible/)
• Terraform / Terragrunt (infra/, modules/)
• Packer / Warpgate (packer/, warpgate-templates/)
• Lab definitions (ad/)
• Extensions (extensions/)
• Variant generator / tools (tools/)
• Documentation (docs/, README.md, etc.)
• CI workflows (.github/)

Related issues

How was this tested?

• Provider(s) tested: aws
• Lab(s) tested: Directly. Via runs against live DreadGOAD instance.
• Operator OS: mac

Checklist

• [ x] I have read CONTRIBUTING.md.
• [x ] My changes follow the existing code style of the area I touched.
• [ x] I have added or updated tests where it makes sense (Go tests under cli/, Ansible syntax checks, etc.).
• [x ] I have updated documentation (README, docs/, role README, command help text) where relevant.
• [ x] I have checked that I am not committing real secrets, personal credentials, or internal hostnames. (Intentional lab credentials inside ad/, ansible/, and extensions/ are expected and fine.)
• [x ] If this PR changes user-facing CLI behavior, I have updated the relevant --help text and any docs that reference it.
• [x ] If this PR introduces a breaking change, I have called it out in the Summary above.