fix: Windows Defender false positive on Go binary

[q-soriarty]

Problem

Windows Defender flags the copia-cli Windows binary as malware:

Detection: Trojan:Win32/Sprisky.U!cl

This is a known false positive — Windows Defender heuristics frequently flag Go binaries due to static linking, runtime reflection patterns, and UPX-like memory layouts.

This blocks the winget-pkgs submission (microsoft/winget-pkgs#355129 (comment)) and potentially affects any Windows user downloading the release.

Tasks

• Submit false positive report to Microsoft Security Intelligence
• Upload VirusTotal scan result to winget PR as evidence
• Investigate code signing for Windows binaries (long-term fix)
• Re-trigger winget validation after Defender definitions are updated

[q-soriarty]

Resolved — winget-pkgs PR merged on 2026-04-06. Microsoft re-validated the binary and the package is now available via winget install Qubernetic.copia-cli.