chore: modernize workflows, security scanning, and linting configuration (#50)

* build: update Go 1.25, CI workflows, and build tooling

- Upgrade to Go 1.25
- Add benchmark targets to Makefile
- Implement parallel gosec execution
- Lock tool versions for reproducibility
- Add shellcheck directives to scripts
- Update CI workflows with improved caching

* refactor: migrate from golangci-lint to revive

- Replace golangci-lint with revive for linting
- Configure comprehensive revive rules
- Fix all EditorConfig violations
- Add yamllint and yamlfmt support
- Remove deprecated .golangci.yml

* refactor: rename utils to shared and deduplicate code

- Rename utils package to shared
- Add shared constants package
- Deduplicate constants across packages
- Address CodeRabbit review feedback

* fix: resolve SonarQube issues and add safety guards

- Fix all 73 SonarQube OPEN issues
- Add nil guards for resourceMonitor, backpressure, metricsCollector
- Implement io.Closer for headerFileReader
- Propagate errors from processing helpers
- Add metrics and templates packages
- Improve error handling across codebase

* test: improve test infrastructure and coverage

- Add benchmarks for cli, fileproc, metrics
- Improve test coverage for cli, fileproc, config
- Refactor tests with helper functions
- Add shared test constants
- Fix test function naming conventions
- Reduce cognitive complexity in benchmark tests

* docs: update documentation and configuration examples

- Update CLAUDE.md with current project state
- Refresh README with new features
- Add usage and configuration examples
- Add SonarQube project configuration
- Consolidate config.example.yaml

* fix: resolve shellcheck warnings in scripts

- Use ./*.go instead of *.go to prevent dash-prefixed filenames
  from being interpreted as options (SC2035)
- Remove unreachable return statement after exit (SC2317)
- Remove obsolete gibidiutils/ directory reference

* chore(deps): upgrade go dependencies

* chore(lint): megalinter fixes

* fix: improve test coverage and fix file descriptor leaks

- Add defer r.Close() to fix pipe file descriptor leaks in benchmark tests
- Refactor TestProcessorConfigureFileTypes with helper functions and assertions
- Refactor TestProcessorLogFinalStats with output capture and keyword verification
- Use shared constants instead of literal strings (TestFilePNG, FormatMarkdown, etc.)
- Reduce cognitive complexity by extracting helper functions

* fix: align test comments with function names

Remove underscores from test comments to match actual function names:
- benchmark/benchmark_test.go (2 fixes)
- fileproc/filetypes_config_test.go (4 fixes)
- fileproc/filetypes_registry_test.go (6 fixes)
- fileproc/processor_test.go (6 fixes)
- fileproc/resource_monitor_types_test.go (4 fixes)
- fileproc/writer_test.go (3 fixes)

* fix: various test improvements and bug fixes

- Remove duplicate maxCacheSize check in filetypes_registry_test.go
- Shorten long comment in processor_test.go to stay under 120 chars
- Remove flaky time.Sleep in collector_test.go, use >= 0 assertion
- Close pipe reader in benchmark_test.go to fix file descriptor leak
- Use ContinueOnError in flags_test.go to match ResetFlags behavior
- Add nil check for p.ui in processor_workers.go before UpdateProgress
- Fix resource_monitor_validation_test.go by setting hardMemoryLimitBytes directly

* chore(yaml): add missing document start markers

Add --- document start to YAML files to satisfy yamllint:
- .github/workflows/codeql.yml
- .github/workflows/build-test-publish.yml
- .github/workflows/security.yml
- .github/actions/setup/action.yml

* fix: guard nil resourceMonitor and fix test deadlock

- Guard resourceMonitor before CreateFileProcessingContext call
- Add ui.UpdateProgress on emergency stop and path error returns
- Fix potential deadlock in TestProcessFile using wg.Go with defer close

cli/processor_processing.go

@@ -1,12 +1,14 @@
+// Package cli provides command-line interface functionality for gibidify.
 package cli
 
 import (
 	"context"
 	"os"
 	"sync"
+	"time"
 
 	"github.com/ivuorinen/gibidify/fileproc"
-	"github.com/ivuorinen/gibidify/gibidiutils"
+	"github.com/ivuorinen/gibidify/shared"
 )
 
 // Process executes the main file processing workflow.
@@ -16,9 +18,7 @@ func (p *Processor) Process(ctx context.Context) error {
 	defer overallCancel()
 
 	// Configure file type registry
-	if err := p.configureFileTypes(); err != nil {
-		return err
-	}
+	p.configureFileTypes()
 
 	// Print startup info with colors
 	p.ui.PrintHeader("🚀 Starting gibidify")
@@ -31,23 +31,32 @@ func (p *Processor) Process(ctx context.Context) error {
 	p.resourceMonitor.LogResourceInfo()
 	p.backpressure.LogBackpressureInfo()
 
-	// Collect files with progress indication
+	// Collect files with progress indication and timing
 	p.ui.PrintInfo("📁 Collecting files...")
+	collectionStart := time.Now()
 	files, err := p.collectFiles()
+	collectionTime := time.Since(collectionStart)
+	p.metricsCollector.RecordPhaseTime(shared.MetricsPhaseCollection, collectionTime)
+
 	if err != nil {
 		return err
 	}
 
 	// Show collection results
-	p.ui.PrintSuccess("Found %d files to process", len(files))
+	p.ui.PrintSuccess(shared.CLIMsgFoundFilesToProcess, len(files))
 
 	// Pre-validate file collection against resource limits
 	if err := p.validateFileCollection(files); err != nil {
 		return err
 	}
 
-	// Process files with overall timeout
-	return p.processFiles(overallCtx, files)
+	// Process files with overall timeout and timing
+	processingStart := time.Now()
+	err = p.processFiles(overallCtx, files)
+	processingTime := time.Since(processingStart)
+	p.metricsCollector.RecordPhaseTime(shared.MetricsPhaseProcessing, processingTime)
+
+	return err
 }
 
 // processFiles processes the collected files.
@@ -57,7 +66,7 @@ func (p *Processor) processFiles(ctx context.Context, files []string) error {
 		return err
 	}
 	defer func() {
-		gibidiutils.LogError("Error closing output file", outFile.Close())
+		shared.LogError("Error closing output file", outFile.Close())
 	}()
 
 	// Initialize back-pressure and channels
@@ -67,11 +76,7 @@ func (p *Processor) processFiles(ctx context.Context, files []string) error {
 	writerDone := make(chan struct{})
 
 	// Start writer
-	go fileproc.StartWriter(outFile, writeCh, writerDone, fileproc.WriterConfig{
-		Format: p.flags.Format,
-		Prefix: p.flags.Prefix,
-		Suffix: p.flags.Suffix,
-	})
+	go fileproc.StartWriter(outFile, writeCh, writerDone, p.flags.Format, p.flags.Prefix, p.flags.Suffix)
 
 	// Start workers
 	var wg sync.WaitGroup
@@ -83,28 +88,41 @@ func (p *Processor) processFiles(ctx context.Context, files []string) error {
 	// Send files to workers
 	if err := p.sendFiles(ctx, files, fileCh); err != nil {
 		p.ui.FinishProgress()
+
 		return err
 	}
 
-	// Wait for completion
+	// Wait for completion with timing
+	writingStart := time.Now()
 	p.waitForCompletion(&wg, writeCh, writerDone)
+	writingTime := time.Since(writingStart)
+	p.metricsCollector.RecordPhaseTime(shared.MetricsPhaseWriting, writingTime)
+
 	p.ui.FinishProgress()
 
+	// Final cleanup with timing
+	finalizeStart := time.Now()
 	p.logFinalStats()
+	finalizeTime := time.Since(finalizeStart)
+	p.metricsCollector.RecordPhaseTime(shared.MetricsPhaseFinalize, finalizeTime)
+
 	p.ui.PrintSuccess("Processing completed. Output saved to %s", p.flags.Destination)
+
 	return nil
 }
 
 // createOutputFile creates the output file.
 func (p *Processor) createOutputFile() (*os.File, error) {
 	// Destination path has been validated in CLI flags validation for path traversal attempts
-	// #nosec G304 - destination is validated in flags.validate()
-	outFile, err := os.Create(p.flags.Destination)
+	outFile, err := os.Create(p.flags.Destination) // #nosec G304 - destination is validated in flags.validate()
 	if err != nil {
-		return nil, gibidiutils.WrapError(
-			err, gibidiutils.ErrorTypeIO, gibidiutils.CodeIOFileCreate,
+		return nil, shared.WrapError(
+			err,
+			shared.ErrorTypeIO,
+			shared.CodeIOFileCreate,
 			"failed to create output file",
 		).WithFilePath(p.flags.Destination)
 	}
+
 	return outFile, nil
 }