feat(guru-scan): fix exit code capture, add GURUSCAN_RESULT_JSON reporting, pre-scan hardening

Exit code fix: add $proc.Handle caching after Start-Process -PassThru to prevent
the handle from being released before ExitCode is readable (known PS5.1 bug).

GuruRMM reporting: launcher now finds results.json after each scan and emits
GURUSCAN_RESULT_JSON:<compressed> to stdout. Agent CommandResult captures it;
server stores it in commands.stdout for retrieval via GET /api/commands/:id.

Pre-scan hardening:
- Pre-flight EXE check: warns about missing scanner binaries before run starts
- Windows Defender exclusions added for scanner/log paths before scan, removed after

AdwCleaner: add /path {LOG_ROOT} arg so logs write directly to scan log root;
update log_src to {LOG_ROOT}\Logs to match.

HitmanPro: add /quiet to scan and clean args to suppress GUI in headless runs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

projects/msp-tools/guru-scan/Invoke-GuruScan.ps1

@@ -52,4 +52,22 @@ if (-not (Test-Path $moduleManifest)) {
 }
 
 Import-Module $moduleManifest -Force
+$scanStart = Get-Date
 Invoke-GuruScan @PSBoundParameters -OutputSink Disk
+
+# Emit structured JSON to stdout for GuruRMM CommandResult capture.
+# Read from results.json written during this run (newer than $scanStart).
+$resultsFile = Get-ChildItem -Path 'C:\ScanLogs' -Recurse -Filter 'results.json' -ErrorAction SilentlyContinue |
+    Where-Object { $_.LastWriteTime -gt $scanStart } |
+    Sort-Object LastWriteTime -Descending |
+    Select-Object -First 1
+
+if ($resultsFile) {
+    $json = Get-Content -Path $resultsFile.FullName -Raw -Encoding UTF8 -ErrorAction SilentlyContinue
+    if ($json) {
+        # Compress to single line so the agent's stdout parser sees it as one line
+        $compressed = ($json | ConvertFrom-Json | ConvertTo-Json -Depth 10 -Compress)
+        Write-Output ''
+        Write-Output "GURUSCAN_RESULT_JSON:$compressed"
+    }
+}