
ci: wire org-wide security-scan + dependabot + CODEOWNERS#32

Merged
WomB0ComB0 merged 1 commit into main from ci/standardize-security-governance
Apr 15, 2026

Conversation


@WomB0ComB0 WomB0ComB0 commented Apr 14, 2026

Standardization pass across public ResQ repos.

  • .github/workflows/security.yml — caller for the reusable security-scan.yml (CodeQL + Gitleaks + OSV + dependency-review) with languages=["csharp","actions"].

  • .github/CODEOWNERS — default owner.

Inherits CoC / Contributing / Security / Support / PR + issue templates from resq-software/.github.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Added automated security scanning workflow that executes on code pushes to main branches, pull requests, and weekly schedules to analyze C# and GitHub Actions files.
    • Established code ownership configuration to clarify maintenance responsibilities and streamline code review assignments across the repository.
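The caller workflow described in the PR description above, as an added example for readers (it is not the repository's own security.yml, which this page does not show). The reusable workflow's path inside resq-software/.github, the cron value and the permission set are assumptions:

```yaml
# Added illustration, not the repo's security.yml. Assumes the reusable workflow
# lives at .github/workflows/security-scan.yml in resq-software/.github and
# declares a string input named `languages`.
name: security

on:
  push:
    branches: [main, master]
  pull_request:
  schedule:
    - cron: '0 6 * * 1'   # weekly; Monday 06:00 UTC is an assumed value
  workflow_dispatch:

# Least privilege: a called workflow never receives more than the caller grants,
# so grant only what CodeQL SARIF upload and dependency-review need.
permissions:
  contents: read
  security-events: write   # upload CodeQL / OSV findings to code scanning
  actions: read            # CodeQL needs this only in private repositories
  pull-requests: read      # dependency-review reads the PR diff

# Cancel superseded runs on the same ref so a stale scan cannot mask a newer one.
concurrency:
  group: security-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  scan:
    # @main is the usual choice for an org-internal reusable workflow; pinning
    # to a tag or full commit SHA keeps the scan logic from changing underneath
    # every caller at once.
    uses: resq-software/.github/.github/workflows/security-scan.yml@main
    with:
      languages: '["csharp","actions"]'
    # No `secrets: inherit`: add it only if the reusable workflow documents
    # a secret it needs, since it exposes every org/repo secret to the callee.
```

Checking the Actions tab after the first push confirms four scan jobs (CodeQL, Gitleaks, OSV, dependency-review) run under the single caller.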


coderabbitai bot commented Apr 14, 2026

Caution: Review failed. Pull request was closed or merged during review.

📝 Walkthrough

Added a default code owner assignment for unmatched repository paths and configured a new GitHub Actions workflow that triggers security scanning on push events to main/master branches, pull requests, weekly schedules, and manual dispatch, delegating to an organization-wide reusable workflow with C# and GitHub Actions language analysis.

Changes

Cohort / File(s)                   Summary
Repository Configuration
  .github/CODEOWNERS               Added default code owner assignment for all unmatched repository paths.
Security Automation
  .github/workflows/security.yml   Added GitHub Actions workflow triggering security scans on pushes, pull requests, weekly schedule, and manual dispatch, delegating to organization reusable workflow for C# and GitHub Actions analysis.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A dash of ownership, a scan so keen,
Security checks on every green,
Code owners rise, workflows align,
Repository safety, now divine! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

Check name          Status     Explanation
Description Check   ✅ Passed  Check skipped - CodeRabbit's high-level summary is enabled.
Title check         ✅ Passed  The title accurately describes the main changes: adding org-wide security scanning, CODEOWNERS, and mentions dependabot-related work for standardization.
Docstring Coverage  ✅ Passed  No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request adds a default owner to the .github/CODEOWNERS file but incorrectly includes a large volume of build artifacts and generated files from the bin/ and obj/ directories across multiple projects. These environment-specific files, including binaries, debug symbols, and intermediate build metadata, should be removed from the commit and excluded via a .gitignore file to maintain repository hygiene and prevent potential merge conflicts.

@@ -0,0 +1,670 @@
{
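Review bot: a brand-new 670-line file opening with `{` is out of scope for a PR whose description lists only .github/workflows/security.yml and .github/CODEOWNERS. The page does not show this file's path, but the shape matches the generated .deps.json / project.assets.json artifacts that the gemini-code-assist comment on this PR flags, and that comment notes such files can carry absolute local paths from the build machine. Drop the file from the commit and add bin/ and obj/ to .gitignore so it cannot be re-added; treat it as a hygiene and information-disclosure issue rather than content to review line by line.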
high

This pull request includes a large number of build artifacts and generated files from the bin/ and obj/ directories (such as .deps.json, .dll, .pdb, AssemblyInfo.cs, and project.assets.json). These files should not be committed to version control as they are environment-specific, cause repository bloat, and lead to frequent merge conflicts. For example, the file ResQ.Blockchain.GeneratedMSBuildEditorConfig.editorconfig contains absolute local file paths from the build environment. Please remove these directories from the commit and ensure they are excluded via a .gitignore file.

Standardization pass across public ResQ repos.

  .github/workflows/security.yml  Caller for the reusable security-scan
                                  workflow in resq-software/.github with
                                  languages=["csharp","actions"].

  .github/CODEOWNERS               Default owner.

Inherits CoC / Contributing / Security / Support / PR + issue templates
from resq-software/.github.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@WomB0ComB0 WomB0ComB0 force-pushed the ci/standardize-security-governance branch from 10b1703 to 62b9cfb on April 15, 2026 01:49
@WomB0ComB0 WomB0ComB0 merged commit 47da43e into main Apr 15, 2026
3 of 4 checks passed
@WomB0ComB0 WomB0ComB0 deleted the ci/standardize-security-governance branch April 15, 2026 01:50