chore: modernize workflows, security scanning, and linting configuration (#50)

* build: update Go 1.25, CI workflows, and build tooling

- Upgrade to Go 1.25
- Add benchmark targets to Makefile
- Implement parallel gosec execution
- Lock tool versions for reproducibility
- Add shellcheck directives to scripts
- Update CI workflows with improved caching

* refactor: migrate from golangci-lint to revive

- Replace golangci-lint with revive for linting
- Configure comprehensive revive rules
- Fix all EditorConfig violations
- Add yamllint and yamlfmt support
- Remove deprecated .golangci.yml

* refactor: rename utils to shared and deduplicate code

- Rename utils package to shared
- Add shared constants package
- Deduplicate constants across packages
- Address CodeRabbit review feedback

* fix: resolve SonarQube issues and add safety guards

- Fix all 73 SonarQube OPEN issues
- Add nil guards for resourceMonitor, backpressure, metricsCollector
- Implement io.Closer for headerFileReader
- Propagate errors from processing helpers
- Add metrics and templates packages
- Improve error handling across codebase

* test: improve test infrastructure and coverage

- Add benchmarks for cli, fileproc, metrics
- Improve test coverage for cli, fileproc, config
- Refactor tests with helper functions
- Add shared test constants
- Fix test function naming conventions
- Reduce cognitive complexity in benchmark tests

* docs: update documentation and configuration examples

- Update CLAUDE.md with current project state
- Refresh README with new features
- Add usage and configuration examples
- Add SonarQube project configuration
- Consolidate config.example.yaml

* fix: resolve shellcheck warnings in scripts

- Use ./*.go instead of *.go to prevent dash-prefixed filenames
  from being interpreted as options (SC2035)
- Remove unreachable return statement after exit (SC2317)
- Remove obsolete gibidiutils/ directory reference

* chore(deps): upgrade go dependencies

* chore(lint): megalinter fixes

* fix: improve test coverage and fix file descriptor leaks

- Add defer r.Close() to fix pipe file descriptor leaks in benchmark tests
- Refactor TestProcessorConfigureFileTypes with helper functions and assertions
- Refactor TestProcessorLogFinalStats with output capture and keyword verification
- Use shared constants instead of literal strings (TestFilePNG, FormatMarkdown, etc.)
- Reduce cognitive complexity by extracting helper functions

* fix: align test comments with function names

Remove underscores from test comments to match actual function names:
- benchmark/benchmark_test.go (2 fixes)
- fileproc/filetypes_config_test.go (4 fixes)
- fileproc/filetypes_registry_test.go (6 fixes)
- fileproc/processor_test.go (6 fixes)
- fileproc/resource_monitor_types_test.go (4 fixes)
- fileproc/writer_test.go (3 fixes)

* fix: various test improvements and bug fixes

- Remove duplicate maxCacheSize check in filetypes_registry_test.go
- Shorten long comment in processor_test.go to stay under 120 chars
- Remove flaky time.Sleep in collector_test.go, use >= 0 assertion
- Close pipe reader in benchmark_test.go to fix file descriptor leak
- Use ContinueOnError in flags_test.go to match ResetFlags behavior
- Add nil check for p.ui in processor_workers.go before UpdateProgress
- Fix resource_monitor_validation_test.go by setting hardMemoryLimitBytes directly

* chore(yaml): add missing document start markers

Add --- document start to YAML files to satisfy yamllint:
- .github/workflows/codeql.yml
- .github/workflows/build-test-publish.yml
- .github/workflows/security.yml
- .github/actions/setup/action.yml

* fix: guard nil resourceMonitor and fix test deadlock

- Guard resourceMonitor before CreateFileProcessingContext call
- Add ui.UpdateProgress on emergency stop and path error returns
- Fix potential deadlock in TestProcessFile using wg.Go with defer close

Makefile

@@ -1,14 +1,10 @@
-.PHONY: all clean test test-coverage build coverage help lint lint-fix \
-	lint-verbose install-tools benchmark benchmark-collection \
-	benchmark-concurrency benchmark-format benchmark-processing \
-	build-benchmark check-all ci-lint ci-test dev-setup security \
-	security-full vuln-check deps-update deps-check deps-tidy
+.PHONY: all help install-tools lint lint-fix test coverage build clean all build-benchmark benchmark benchmark-go benchmark-go-cli benchmark-go-fileproc benchmark-go-metrics benchmark-go-shared benchmark-all benchmark-collection benchmark-processing benchmark-concurrency benchmark-format security security-full vuln-check update-deps check-all dev-setup
 
 # Default target shows help
 .DEFAULT_GOAL := help
 
 # All target runs full workflow
-all: lint test build
+all: lint lint-fix test build
 
 # Help target
 help:
@@ -26,19 +22,11 @@ lint:
 lint-fix:
 	@./scripts/lint-fix.sh
 
-# Run linters with verbose output
-lint-verbose:
-	@./scripts/lint-verbose.sh
-
 # Run tests
 test:
 	@echo "Running tests..."
 	@go test -race -v ./...
 
-# Run tests with coverage output
-test-coverage:
-	@./scripts/test-coverage.sh
-
 # Run tests with coverage
 coverage:
 	@echo "Running tests with coverage..."
@@ -55,13 +43,14 @@ build:
 # Clean build artifacts
 clean:
 	@echo "Cleaning build artifacts..."
-	@rm -f gibidify gibidify-benchmark
-	@rm -f coverage.out coverage.html
+	@rm -f gibidify gibidify-benchmark coverage.out coverage.html *.out
 	@echo "Clean complete"
 
 # CI-specific targets
+.PHONY: ci-lint ci-test
+
 ci-lint:
-	@golangci-lint run --out-format=github-actions ./...
+	@revive -config revive.toml -formatter friendly -set_exit_status ./...
 
 ci-test:
 	@go test -race -coverprofile=coverage.out -json ./... > test-results.json
@@ -72,11 +61,36 @@ build-benchmark:
 	@go build -ldflags="-s -w" -o gibidify-benchmark ./cmd/benchmark
 	@echo "Build complete: ./gibidify-benchmark"
 
-# Run benchmarks
+# Run custom benchmark binary
 benchmark: build-benchmark
-	@echo "Running all benchmarks..."
+	@echo "Running custom benchmarks..."
 	@./gibidify-benchmark -type=all
 
+# Run all Go test benchmarks
+benchmark-go:
+	@echo "Running all Go test benchmarks..."
+	@go test -bench=. -benchtime=100ms -run=^$$ ./...
+
+# Run Go test benchmarks for specific packages
+benchmark-go-cli:
+	@echo "Running CLI benchmarks..."
+	@go test -bench=. -benchtime=100ms -run=^$$ ./cli/...
+
+benchmark-go-fileproc:
+	@echo "Running fileproc benchmarks..."
+	@go test -bench=. -benchtime=100ms -run=^$$ ./fileproc/...
+
+benchmark-go-metrics:
+	@echo "Running metrics benchmarks..."
+	@go test -bench=. -benchtime=100ms -run=^$$ ./metrics/...
+
+benchmark-go-shared:
+	@echo "Running shared benchmarks..."
+	@go test -bench=. -benchtime=100ms -run=^$$ ./shared/...
+
+# Run all benchmarks (custom + Go test)
+benchmark-all: benchmark benchmark-go
+
 # Run specific benchmark types
 benchmark-collection: build-benchmark
 	@echo "Running file collection benchmarks..."
@@ -99,24 +113,19 @@ security:
 	@echo "Running comprehensive security scan..."
 	@./scripts/security-scan.sh
 
-security-full:
+security-full: install-tools
 	@echo "Running full security analysis..."
 	@./scripts/security-scan.sh
+	@echo "Running additional security checks..."
+	@gosec -fmt=json -out=security-report.json ./...
+	@staticcheck -checks=all ./...
 
 vuln-check:
 	@echo "Checking for dependency vulnerabilities..."
-	@go install golang.org/x/vuln/cmd/govulncheck@latest
+	@go install golang.org/x/vuln/cmd/govulncheck@v1.1.4
 	@govulncheck ./...
 
-# Dependency management targets
-deps-check:
-	@./scripts/deps-check.sh
-
-deps-update:
-	@./scripts/deps-update.sh
-
-deps-tidy:
-	@echo "Cleaning up dependencies..."
-	@go mod tidy
-	@go mod verify
-	@echo "Dependencies cleaned and verified successfully!"
+# Update dependencies
+update-deps:
+	@echo "Updating Go dependencies..."
+	@./scripts/update-deps.sh