chore(ci): add GitHub Actions workflow for build and test (#4)

### Lab Phase & Objective

This PR is a foundational task for **all phases**.

The objective is to implement a Continuous Integration (CI) pipeline using GitHub Actions. This establishes an automated quality gate for the repository, ensuring that all code merged into the `main` branch is compiled and tested successfully. This is a core DevSecOps practice.

### Key Architectural Decisions & Trade-offs

- **Trigger on `push` and `pull_request`:** The workflow runs on all PRs targeting `main` and on any direct pushes to `main`. This provides comprehensive protection for our primary branch.
- **Maven Wrapper (`./mvnw`):** The CI job explicitly uses the Maven Wrapper. This guarantees that the build environment in the CI runner is 100% consistent with our local development environment, eliminating "works on my machine" issues.
- **`clean verify` Goal:** Using the `verify` Maven lifecycle phase ensures the entire project is built, all unit and integration tests are executed, and the application is packaged. A failure in any of these steps will fail the build.
- **Eclipse Temurin JDK:** Chose the Temurin distribution of OpenJDK as it is a vendor-neutral, TCK-certified, and enterprise-grade build, which is a best practice for stable CI pipelines.

### Verification Strategy

- [ ] **Unit/Integration Tests:** The purpose of this PR *is* the test automation. Verification is done by observing the "Checks" section of this Pull Request.
- [x] **CI/CD Pipeline:** The workflow defined in `.github/workflows/ci.yml` should execute and pass. A green checkmark in the PR's "Checks" section indicates success.
- [ ] **Docker Compose:** N/A.
- [ ] **Manual Verification:** N/A.

### Definition of Done Checklist

- [x] The PR title follows the Conventional Commits specification (e.g., `chore: ...`).
- [x] The code adheres to project conventions (YAML syntax is correct).
- [x] The `README.md` does not require changes for this infrastructure update.
- [x] All new logic is covered by automated tests. (This PR *is* the test automation).
- [x] Security implications of the changes have been considered (secures the build process).
- [ ] Observability implications (metrics, logs, traces) have been considered. (N/A for this change).

Author: apenlor

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: Java CI with Maven
+
+# This workflow will run on pushes to the 'main' branch and on pull requests targeting 'main'
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      # The build will fail if any tests fail, blocking the PR from merging.
+      - name: Build and test with Maven
+        run: ./mvnw -B clean verify