Record curvature security sweep results

[brendancol]

Summary

• First-time audit of xrspatial/curvature.py on 2026-04-25; clean across all six categories.
• GPU kernel _run_gpu (curvature.py:79-86) has a full bounds guard via the i + di <= out.shape[0] - 1 and j + dj <= out.shape[1] - 1 stencil check.
• All four backends cast input to float32, and curvature() calls _validate_raster at line 253. Tests cover int32/int64/uint32/uint64/float32/float64.

No source code is changed; only .claude/sweep-security-state.json is updated.

Test plan

• python -c "import json; json.load(open('.claude/sweep-security-state.json'))" -- JSON is valid.

[brendancol]

@copilot resolve the merge conflicts in this pull request

[Copilot]

@copilot resolve the merge conflicts in this pull request

Resolved in commit 1864373. The conflict was in .claude/sweep-security-state.json — both this branch (adding curvature) and main (adding cost_distance) inserted a new entry at the same location. The resolved file now includes all three new entries: dasymetric, cost_distance, and curvature.