Audit: detect repeated struct field patterns (flatten candidates)

[chubes4]

Problem

The audit system detects duplicate function bodies (Phase 4c exact, Phase 4d near-duplicates) but misses duplicate struct field patterns — where multiple structs independently define the same fields with the same types and attributes.

Example: pub path: Option<String> with #[arg(long)] appears in 12+ #[derive(Args)] structs across the commands layer. The audit doesn't flag this because it's not a function body — it's a repeated structural pattern in type definitions.

This was discovered during #436 research, where 10 distinct flag patterns were found duplicated across 25+ locations.

Proposal

Add a Phase 4e: struct field pattern detection to the audit pipeline:

1. Parse struct definitions — extract field signatures (name, type, attributes)
2. Hash field groups — identify when 2+ fields appear together in multiple structs (e.g. --baseline + --ignore-baseline always co-occur)
3. Report flatten candidates — structs sharing N+ identical field signatures, with a threshold (e.g. 3+ occurrences)

For Clap #[derive(Args)] specifically:

• Detect identical #[arg(...)] attribute + type combinations
• Flag co-occurring field groups as #[command(flatten)] candidates
• Distinguish between single repeated fields and multi-field groups that travel together

Scope

• Rust extension would need a new parse_struct_fields capability (or extend existing parse_items)
• Core audit would need a new phase after Phase 4d
• Reporting: "structural pattern" finding type, similar to "exact duplicate" and "near duplicate"

Related

• Extract shared CLI arg groups via #[command(flatten)] #436 — Extract shared CLI arg groups via #[command(flatten)] (the fix for what this would detect)

[chubes4]

Implemented in PR #943 — repeated struct field pattern detection wired into audit as Phase 4o.