feat: add comprehensive security scanning and EditorConfig integration

- Add govulncheck, Snyk, and Trivy vulnerability scanning
- Create security workflow for automated scanning on push/PR/schedule
- Add gitleaks for secrets detection and prevention
- Implement EditorConfig linting with eclint and editorconfig-checker
- Update Makefile with security and formatting targets
- Create SECURITY.md with vulnerability reporting guidelines
- Configure Dependabot for automated dependency updates
- Fix all EditorConfig violations across codebase
- Update Go version to 1.23.10 to address stdlib vulnerabilities
- Add tests for internal/helpers package (80% coverage)
- Remove deprecated functions and migrate to error-returning patterns
- Fix YAML indentation in test fixtures to resolve test failures

testutil/testutil.go

@@ -192,6 +192,30 @@ branding:
 `, name, description, inputsYAML.String())
 }
 
+// SetupTestTemplates creates template files for testing.
+func SetupTestTemplates(t *testing.T, dir string) {
+	t.Helper()
+
+	// Create templates directory structure
+	templatesDir := filepath.Join(dir, "templates")
+	themesDir := filepath.Join(templatesDir, "themes")
+
+	// Create directories
+	for _, theme := range []string{"github", "gitlab", "minimal", "professional"} {
+		themeDir := filepath.Join(themesDir, theme)
+		if err := os.MkdirAll(themeDir, 0755); err != nil {
+			t.Fatalf("failed to create theme dir %s: %v", themeDir, err)
+		}
+		// Write theme template
+		templatePath := filepath.Join(themeDir, "readme.tmpl")
+		WriteTestFile(t, templatePath, SimpleTemplate)
+	}
+
+	// Create default template
+	defaultTemplatePath := filepath.Join(templatesDir, "readme.tmpl")
+	WriteTestFile(t, defaultTemplatePath, SimpleTemplate)
+}
+
 // CreateCompositeAction creates a test composite action with dependencies.
 func CreateCompositeAction(name, description string, steps []string) string {
 	var stepsYAML bytes.Buffer