* fix(ci): use the latest openssf scorecard action
* fix(ci): replace scorecard workflow with upstream reference
Replace our custom scorecard workflow with the official ossf/scorecard
workflow template for better alignment with upstream recommendations.
* feat(security): add OpenSSF Scorecard workflow and maximize score
- Add scorecard.yml workflow (weekly + push to main) with SARIF upload
- Add CONTRIBUTING.md for contributor guidelines
- Add SLSA provenance attestation job to release workflow
- Add CycloneDX SBOM generation job to release workflow
- Pin Dockerfile base images to sha256 digests
- Enable Renovate pinDigests and platformAutomerge
- Add OpenSSF Scorecard badge to README
* fix(docs): address PR #498 review comments and remove .coderabbit.yaml
- Delete .coderabbit.yaml (falls back to shared org-level config)
- Add missing linter deps to CONTRIBUTING.md install step
- Separate make all and make test into distinct steps
- Fix line length note to match EditorConfig (200 chars, no MD override)
- Add yamllint/markdownlint to YAML/JSON/Markdown linter list
- Refine action references guidance
- Expand "Adding a New Action" section with action-docs and catalog info
