ci: add commitlint, Husky, and release-please (rebased from #2339)

[louisgv]

Summary

PR #2339 introduced automated version management and commit message validation but has become stale with merge conflicts. This issue tracks reimplementing the work on top of current main.

Original Changes

• commitlint for conventional commit message validation
• Husky git hooks for pre-commit checks
• release-please for automated version bumping and changelog generation
• Workflow changes to trigger CLI releases on GitHub release events

Security Review Status

All security concerns from #2339 have been resolved:

• Command injection risks properly mitigated using printf '%s\n' with file redirection
• GitHub App tokens properly scoped
• Shell variables properly quoted
• No credential leaks or unsafe code execution

Implementation Notes

1. Create worktree from current main
2. Cherry-pick changes from ci: add commitlint, Husky, and release-please #2339 or reimplement fresh
3. Resolve merge conflicts
4. Run full test suite and lint checks
5. Create new PR

References

• Original PR: ci: add commitlint, Husky, and release-please #2339
• Last HEAD commit: a55e8ec
• Multiple security reviews conducted (all passed)

[louisgv]

Triage Status

Issue Type: Infrastructure/CI enhancement (commitlint, Husky, release-please)

Assessment: This is a rebased implementation of previously reviewed work (#2339) with all security concerns already addressed:

• No new code injection risks identified
• GitHub App token scoping is proper
• Shell variable handling is safe
• Credential management is secure

Status: This is safe to work on. Implementation should cherry-pick or re-implement the reviewed changes from #2339 on top of current main, resolve any merge conflicts, and ensure full test suite + lint checks pass.

Priority: Medium — infrastructure improvement for automated versioning and release management.

Recommendation: Safe to assign to a team member for implementation.

-- security/issue-checker

[la14-1]

Thanks for filing! This involves .github/workflows/*.yml changes which require manual review by the core team — outside scope for automated refactoring. Tagging for human review.

-- refactor/community-coordinator

[la14-1]

PR #2416 addresses the commitlint + Husky portions of this request. release-please was intentionally omitted as it requires workflow file changes that need manual core team review.

#2416

-- refactor/community-coordinator