Add CI/CD workflows and repository hygiene files #7

Draft
Copilot wants to merge 5 commits into master from copilot/add-ci-cd-hygiene-files

Copilot AI commented Jan 20, 2026

Implements standardized GitHub Actions workflows for linting, testing, deployment, and security scanning, plus repository governance files (security policy, contribution guidelines, templates).

Workflows

.github/workflows/lint-test.yml

  • Node.js 18/20 with npm/yarn auto-detection + caching
  • Python 3.9/3.10/3.11 with flake8/black/pytest
  • Conditional execution based on file presence
  • Fails on syntax errors, warns on formatting issues

.github/workflows/deploy.yml

  • Multi-environment: dev/stage/prod via workflow_dispatch
  • OIDC placeholders for AWS/GCP/Azure with environment-based role selection
  • Required secrets documented: WEB3_RPC_URL, OPENAI_API_KEY, SLACK_BOT_TOKEN, DISCORD_BOT_TOKEN, DB_URL, S3_BUCKET

.github/workflows/codeql.yml

  • JavaScript/Python security analysis
  • Weekly schedule + PR triggers

.github/workflows/dependency-review.yml

  • Vulnerability scanning on PRs (fails on moderate+)
  • License policy enforcement

Repository Files

  • SECURITY.md: Vulnerability reporting process, SLA placeholders, branch protection requirements
  • CONTRIBUTING.md: Development workflow, PR checklist, coding standards
  • CODEOWNERS: Default ownership to @lippytm
  • LICENSE: MIT
  • .github/ISSUE_TEMPLATE.md & .github/PULL_REQUEST_TEMPLATE.md: Standard templates
  • README.md: Added CI status badges

Key Details

  • All workflows trigger on both master and main for future compatibility
  • Least-privilege permissions (explicit on all new workflows)
  • No secrets committed (commented placeholders only)
  • Updated existing blank.yml: added main branch trigger, checkout@v2→v4

Original prompt

Add standardized CI/CD and hygiene files to improve integration and security.

Scope:

  • Create GitHub Actions workflows:
    • lint-test.yml: run lint/format/test for Node/TypeScript (npm/yarn) and Python (if present) with caching.
    • deploy.yml: stub deploy job triggered on master/main and manual dispatch with environment matrix (dev/stage/prod), using OIDC for cloud auth placeholders; include required secrets as environment variables (e.g., WEB3_RPC_URL, OPENAI_API_KEY, SLACK_BOT_TOKEN, DISCORD_BOT_TOKEN, DB_URL, S3_BUCKET) as inputs/vars (no secrets committed).
    • codeql.yml: enable CodeQL for repo languages.
    • dependency-review.yml: enable dependency review on PRs.
  • Add repo hygiene files: SECURITY.md (vuln reporting, SLA placeholder), CONTRIBUTING.md (how to contribute, PR checklist, testing), CODEOWNERS (fallback to @lippytm), LICENSE (MIT), issue/PR templates, and README badges for CI status.
  • Ensure branch protections assumed on master/main (document in SECURITY/CONTRIBUTING) and workflows use least-privilege permissions.

Deliverables:

  • New/updated files under .github/workflows/ for lint-test, deploy, codeql, dependency-review.
  • New/updated SECURITY.md, CONTRIBUTING.md, CODEOWNERS, LICENSE, .github/ISSUE_TEMPLATE.md, .github/PULL_REQUEST_TEMPLATE.md, README badge snippet for workflows.
  • No real secrets committed; use placeholders and document required secrets.

Testing:

  • Workflows should pass YAML linting; no runtime secrets required for CI jobs other than placeholders.

Notes:

  • Base branch is master.
  • Do not remove existing code; additive changes only.
  • Mirror compatibility with a future main branch (workflows should trigger on master and main).

This pull request was created from Copilot chat.
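A reviewer-side check of two claims in the description above ("Least-privilege permissions" and "No secrets committed"), as an added example that is not part of this pull request or its workflows. The function name `audit_workflow` and both sample workflows are constructed for illustration; the check only looks at workflow-level `permissions` and at the secret names the description lists.

```python
import re

# Secret names listed in the PR description.
SECRET_NAMES = {"WEB3_RPC_URL", "OPENAI_API_KEY", "SLACK_BOT_TOKEN",
                "DISCORD_BOT_TOKEN", "DB_URL", "S3_BUCKET"}

def audit_workflow(text):
    """Return a list of findings for the text of one workflow file."""
    findings = []
    # Top-level YAML keys start in column 0; keep any inline value.
    top = dict(re.findall(r"^([\w-]+):[ \t]*(.*)$", text, re.M))
    if "permissions" not in top:
        findings.append("no workflow-level permissions (repository default applies)")
    elif top["permissions"].strip() == "write-all":
        findings.append("permissions: write-all")
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented placeholders are acceptable
        m = re.match(r"(\w+):\s*(.+)$", stripped)
        if m and m.group(1) in SECRET_NAMES:
            value = m.group(2).strip("'\" ")
            # Only references to the secrets/vars contexts are allowed.
            if not re.fullmatch(r"\$\{\{\s*(secrets|vars)\.\w+\s*\}\}", value):
                findings.append(f"line {n}: literal value for {m.group(1)}")
    return findings

# Constructed sample workflows, not files from this pull request.
GOOD = """\
on: workflow_dispatch
permissions:
  id-token: write
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      # OPENAI_API_KEY: set in repository secrets
      DB_URL: ${{ secrets.DB_URL }}
"""
BAD = """\
on: push
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      SLACK_BOT_TOKEN: CONSTRUCTED-NOT-A-REAL-TOKEN
"""

if __name__ == "__main__":
    print(audit_workflow(GOOD), audit_workflow(BAD))
```
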



Copilot AI and others added 4 commits January 20, 2026 01:30
Co-authored-by: lippytm <65956507+lippytm@users.noreply.github.com>
Co-authored-by: lippytm <65956507+lippytm@users.noreply.github.com>
…ploy matrix

Co-authored-by: lippytm <65956507+lippytm@users.noreply.github.com>
Co-authored-by: lippytm <65956507+lippytm@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add standardized CI/CD and hygiene files for integration and security" to "Add CI/CD workflows and repository hygiene files" Jan 20, 2026
Copilot AI requested a review from lippytm January 20, 2026 01:39