Add Makefile with security scanning and enhance key management policies #3

Merged
Yaketh (Kushmanmb) merged 3 commits into master from
copilot/update-readme-and-policymd
Feb 21, 2026

Copilot AI commented Feb 21, 2026

Implements automated security tooling and comprehensive key management guidelines to prevent credential leaks in the repository.

Changes

Makefile

New automation targets for repository maintenance and security:

  • check-secrets - Scans for private keys, API tokens, credentials (fails on private keys)
  • check-tokens - Detects GitHub tokens (pattern: gh[ps]_[a-zA-Z0-9]{36,})
  • check-perms - Validates file permissions and executable flags
  • validate - Repository structure verification
  • lint - Markdown linting via markdownlint-cli
  • apply-rulesets - Instructions for GitHub ruleset deployment

POLICY.md

Expanded Security Policy section with key management practices:

  • Protected information types taxonomy (private keys, API keys, credentials, configs)
  • Safe practices: environment variables, template files, pre-commit hooks
  • Emergency response procedures for leaked secrets
  • Integration points with existing CI/CD security scanning

README.md

Added Development Tools section documenting Makefile usage and security features.

Usage

# Before committing
make check-secrets

# Full validation
make test

Security Infrastructure

  • Validates existing .gitignore patterns (comprehensive coverage)
  • Verifies GitHub rulesets align with security best practices
  • Integrates with .github/workflows/security.yml scanning
  • Pattern excludes self-references (POLICY.md, security-patterns.yml)
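
An added example (not part of this pull request or its Makefile) of the kind of scan the check-tokens and check-secrets targets describe: it uses the token pattern quoted above, skips the two self-referencing files, and reports only file and line. The private-key pattern, the function names and the fixture contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the repository's Makefile.
# TOKEN_RE is the pattern quoted in the PR description. KEY_RE is an
# assumed PEM-header pattern; the page does not show the one it uses.
TOKEN_RE='gh[ps]_[a-zA-Z0-9]{36,}'
KEY_RE='-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'

# find_hits PATTERN DIR: print "file:line" for every match. The matched
# text is cut off so the scan never copies a secret into CI logs.
# POLICY.md and security-patterns.yml are skipped because they document
# the patterns themselves (the self-references named in the PR).
find_hits() {
    grep -rnIE --exclude-dir=.git \
        --exclude=POLICY.md --exclude=security-patterns.yml \
        -e "$1" "$2" | cut -d: -f1,2
}

# check_tree DIR: list token and private-key locations. Returns 0 when
# the tree is clean and 1 when either kind of secret is present.
check_tree() {
    tokens=$(find_hits "$TOKEN_RE" "$1")
    keys=$(find_hits "$KEY_RE" "$1")
    if [ -n "$tokens" ]; then
        printf '%s\n' "$tokens" | sed 's/^/GitHub token at /'
    fi
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" | sed 's/^/private key at /'
    fi
    [ -z "$tokens$keys" ]
}

# make_fixture DIR: constructed sample tree, no real credentials.
make_fixture() {
    mkdir -p "$1/src"
    fake="ghp_$(printf '%036d' 0)"   # constructed: prefix + 36 zeros
    printf 'token = "%s"\n' "$fake" > "$1/src/config.py"
    printf 'Example: %s\n' "$fake" > "$1/POLICY.md"   # excluded file
    printf 'ghp_tooShort\n' > "$1/src/notes.txt"      # under 36 chars
}
```

Called as `check_tree .` from a pre-commit hook or a Makefile recipe, the non-zero return is what makes the commit or build fail.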

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Yaketh (Kushmanmb) marked this pull request as ready for review February 21, 2026 05:32
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update README and create policy.md for ruleset management" to "Add Makefile with security scanning and enhance key management policies" Feb 21, 2026
Yaketh (Kushmanmb) merged commit e515e2d into master Feb 21, 2026
0 of 7 checks passed