Expand CI security checks

[SSBrouhard]

Goal

Move from unit-test-only CI to a baseline public-repo security posture.

Acceptance criteria

• CI runs compile and tests on pull requests.
• CodeQL workflow is enabled or documented if unavailable.
• Dependency updates are configured through Dependabot.
• Add a secrets-scan or document the substitute when GitHub secret scanning is unavailable.

[SSBrouhard]

OpenClaw Dependabot alert triage, 2026-06-10:

• GitHub reports four medium Dependabot alerts for hono < 4.12.21.
• The vulnerable copy is transitive through integrations/openclaw -> openclaw@2026.6.5 -> @modelcontextprotocol/sdk@1.29.0 -> hono@4.12.18.
• openclaw@2026.6.5 ships an npm-shrinkwrap.json, so VMGA cannot reliably remediate this with package-level npm overrides.
• VMGA's core broker path does not depend on OpenClaw; OpenClaw remains an optional external runtime/integration.
• Added npm Dependabot coverage for /integrations/openclaw in commit 356af0f.
• Added public-facing docs in README and docs/openclaw_integration.md to block remote OpenClaw-backed VMGA exposure until OpenClaw is patched or the operator supplies an equivalent patched runtime and deployment evidence.

Remaining for this issue: keep the alerts open until upstream OpenClaw publishes a patched package or VMGA removes the vendored OpenClaw dev dependency from the integration lockfile.

[SSBrouhard]

Scope update (adversarial review triage, 2026-06-10): add dependency hash pinning to CI (pip --require-hashes or a lock file). Optional small rider: broker-side per-source HTTP request throttling (fail-closed) on the broker surface — note failed-token-attempt lockout already exists; this covers general request rate only. Low priority given loopback default.