feat(16-02): add SecurityTrails source and wire all three Phase 16-02 sources

- SecurityTrailsSource enumerates subdomains via API, probes config endpoints
- Credential-gated via SECURITYTRAILS_API_KEY env var
- RegisterAll extended to 70 sources (67 Phase 10-15 + 3 Phase 16)
- cmd/recon.go wires SecurityTrails API key from env/viper

pkg/recon/sources/register.go

@@ -52,6 +52,9 @@ type SourcesConfig struct {
 	// Phase 14: CI/CD source tokens.
 	CircleCIToken string
 
+	// Phase 16: DNS/threat intel source tokens.
+	SecurityTrailsAPIKey string
+
 	// Registry drives query generation for every source via BuildQueries.
 	Registry *providers.Registry
 	// Limiters is the shared per-source rate-limiter registry.
@@ -61,8 +64,8 @@ type SourcesConfig struct {
 // RegisterAll registers every Phase 10 code-hosting, Phase 11 search engine /
 // paste site, Phase 12 IoT scanner / cloud storage, Phase 13 package
 // registry / container / IaC, Phase 14 CI/CD log / web archive / frontend
-// leak, and Phase 15 forum / collaboration tool / log aggregator source on
-// engine (67 sources total).
+// leak, Phase 15 forum / collaboration tool / log aggregator, and Phase 16
+// mobile / DNS / threat intel source on engine (70 sources total).
 //
 // All sources are registered unconditionally so that cmd/recon.go can surface
 // the full catalog via `keyhunter recon list` regardless of which credentials
@@ -282,4 +285,13 @@ func RegisterAll(engine *recon.Engine, cfg SourcesConfig) {
 	engine.Register(&SplunkSource{Registry: reg, Limiters: lim})
 	engine.Register(&GrafanaSource{Registry: reg, Limiters: lim})
 	engine.Register(&SentrySource{Registry: reg, Limiters: lim})
+
+	// Phase 16: Mobile, DNS, and threat intel sources.
+	engine.Register(&APKMirrorSource{Registry: reg, Limiters: lim})
+	engine.Register(&CrtShSource{Registry: reg, Limiters: lim})
+	engine.Register(&SecurityTrailsSource{
+		APIKey:   cfg.SecurityTrailsAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
 }