chore(release): prepare v0.3.1

[voyvodka]

Release-prep PR for v0.3.1 — a maintenance patch covering a runtime base-image security refresh plus a full dependency refresh. No breaking changes; the v1 route prefix, the Standard Webhooks signature surface, and the WebhookEngine.Sdk public API are all unchanged.

Changes in this PR

• Promote CHANGELOG.md [Unreleased] → ## [0.3.1] - 2026-06-29, with a fresh empty [Unreleased] skeleton above it.
• Bump src/WebhookEngine.Sdk/WebhookEngine.Sdk.csproj <Version> 0.3.0 → 0.3.1.

What ships in 0.3.1

Security

• Runtime base image mcr.microsoft.com/dotnet/aspnet:10.0-alpine repinned f03685b → 57bd717 (Alpine 3.23.4 → 3.23.5, OpenSSL 3.5.6-r0 → 3.5.7-r0), clearing the 16 image CVEs Docker Scout reported against voyvodka/webhook-engine:latest — 1 critical (CVE-2026-34182, CVSS 9.1), 8 high, 5 medium, 2 low — all in the Alpine base layer, none in application code. Rebuilt image scans clean under Trivy. (chore(deps): Bump dotnet/aspnet from f03685b to 57bd717 in /docker #148)
• Build-stage mcr.microsoft.com/dotnet/sdk:10.0 repinned 548d93f → ea8bde3 (build-only). (chore(deps): Bump dotnet/sdk from 548d93f to ea8bde3 in /docker #149)

Changed — dependency refresh

• Dashboard npm group: lucide-react, recharts, @types/node, @vitejs/plugin-react, eslint, typescript-eslint, vite. (chore(deps): Bump the minor-and-patch group in /src/dashboard with 7 updates #150)
• @webhookengine/endpoint-manager dev deps: eslint, typescript-eslint. (chore(deps-dev): Bump eslint and typescript-eslint in /packages/endpoint-manager #153)
• Backend NuGet: OpenTelemetry.Instrumentation.AspNetCore, Scalar.AspNetCore, Microsoft.NET.Test.Sdk. (chore: Bump the minor-and-patch group with 3 updates #152)

Pre-release checks (already green on main)

• dotnet build WebhookEngine.sln -c Release → 0 warnings, 0 errors
• dotnet test → 312/312 passed
• dashboard bun run lint && bun run typecheck && bun run build → clean

Tag v0.3.1 will be pushed after this merges to trigger release.yml.