Fix invalid static snapshot validation #228

Merged
hello-args merged 4 commits into MCP-Audit:main from Yurii201811:fix/validate-snapshot-json
Jun 11, 2026

@Yurii201811

Contributor

Summary

Fixes #150.

This validates combined --snapshot inputs before analysis so scan reports, empty tool arrays, and tool rows without names fail with a clear StaticJsonError instead of silently producing a zero-tool snapshot scan. The CLI now reports that error with exit code 2 before artifacts are written, including the surface scan commands that also accept --snapshot.

Also updates the static snapshot docs to point users at real MCP metadata exports instead of reusing MCTS scan-report artifacts.

Type of change

  • Bug fix
  • New feature / analyzer
  • Breaking change
  • Documentation

Test plan

  • .venv/bin/python -m pytest tests/test_snapshot_cli.py -q
  • uv run --frozen ruff check src tests
  • Manual CLI test (if applicable)
    uv run mcts scan examples/vulnerable-mcp-server/server.py
    uv run mcts scan examples/vulnerable-mcp-server/server.py -o report.json
    uv run mcts report report.json -o security-report.html

Checklist

  • CHANGELOG.md updated (if user-facing) — see Keep a Changelog
  • Tests added or updated
  • No secrets or credentials in code
  • Docs updated if CLI behavior or report output changed — see Documentation index (guides live under docs/get-started/, docs/scanning/, docs/platform/, etc.)
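
An added example, not code from this pull request or from MCTS: a minimal sketch of the kind of pre-analysis check the summary describes, rejecting report-shaped objects, empty tool arrays and tool rows without names. The accepted input shapes, the local `StaticJsonError` stand-in, the helper names and the sample documents are assumptions constructed for illustration.

```python
import json

class StaticJsonError(ValueError):
    """Local stand-in named after the error in the PR summary (not the project's class)."""

def extract_tools(doc):
    """Return tool rows from a tools/list export or raise StaticJsonError (hypothetical helper)."""
    # Assumed shapes: JSON-RPC response envelope, bare {"tools": [...]}, or a bare list.
    if isinstance(doc, dict) and isinstance(doc.get("result"), dict):
        doc = doc["result"]
    if isinstance(doc, dict):
        tools = doc.get("tools")
        if not isinstance(tools, list):
            # A scan report or any other object without a tool list ends up here.
            raise StaticJsonError(f"no 'tools' array; top-level keys: {sorted(doc)[:5]}")
    elif isinstance(doc, list):
        tools = doc
    else:
        raise StaticJsonError(f"expected object or array, got {type(doc).__name__}")
    if not tools:
        raise StaticJsonError("tools array is empty")
    for i, row in enumerate(tools):
        name = row.get("name") if isinstance(row, dict) else None
        if not isinstance(name, str) or not name.strip():
            raise StaticJsonError(f"tool row {i} has no name")
    return tools

def check_snapshot(text):
    """Return (exit_code, message); exit code 2 mirrors the value stated in the PR summary."""
    try:
        tools = extract_tools(json.loads(text))
    except json.JSONDecodeError as exc:
        return 2, f"invalid JSON: {exc.msg}"
    except StaticJsonError as exc:
        return 2, str(exc)
    return 0, f"{len(tools)} tool(s) accepted"

# Constructed sample inputs (not taken from the project).
VALID = '{"tools": [{"name": "read_file", "inputSchema": {"type": "object"}}]}'
REPORT_LIKE = '{"summary": {"total": 3}, "findings": []}'
EMPTY = '{"tools": []}'
NAMELESS = '{"jsonrpc": "2.0", "id": 1, "result": {"tools": [{"description": "x"}]}}'

if __name__ == "__main__":
    for label, text in [("valid", VALID), ("report-like", REPORT_LIKE),
                        ("empty", EMPTY), ("nameless", NAMELESS)]:
        print(label, check_snapshot(text))
```

Failing closed on an empty or unrecognised document is what keeps a mistaken input from being reported as a clean zero-tool scan.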

@hello-args

Collaborator

Thanks for the contribution, @Yurii201811. Happy to merge if checks pass.

hello-args merged commit 34e8be6 into MCP-Audit:main on Jun 11, 2026
8 checks passed
Development

Successfully merging this pull request may close these issues.

[BUG] Reject invalid snapshot JSON (e.g. scan reports passed as tools/list)

2 participants