chore(ci): harden GitHub Actions (#22)
## What does this PR do?
Hardens our reusable workflows in response to GHSA-g7cv-rxg3-hmpx (the
2026-05-11 `@tanstack/*` npm supply-chain compromise).
- Adds `permissions: {}` default-deny at workflow level on all 10
workflow files
- Splits `publish.yml` into separate `build` and `publish` jobs so
`id-token: write` (npm trusted-publisher OIDC) is scoped to a job that
never executes project code; publish job uses `pnpm install
--ignore-scripts`
- Pins `actions/upload-artifact` (`043fb46d...`, v7.0.1) and
`actions/download-artifact` (`3e5f45b2...`, v8.0.1) — new actions
introduced by the publish.yml split
- Re-pins `actions/checkout`, `pnpm/action-setup`, `actions/setup-node`
in the new build job to match the SHA pins already used elsewhere in the
file
- Routes workflow inputs and event context through `env:` instead of
`${{ }}` shell interpolation in `preview.yml`, `detect-agent.yml`, and
`detect-agent-backfill.yml`; quotes `"$VAR"` to prevent word-splitting
and glob expansion on label/glob inputs
- Adds `if: github.repository_owner == 'bombshell-dev'` owner gate to
`detect-agent.yml` and `detect-agent-backfill.yml` (other workflows
already had it)
- Adds `.github/dependabot.yml` for automated weekly SHA bumps on GitHub
Actions, grouped into a single PR
## Type of change
<!-- Check one. -->
- [ ] Bug fix
- [ ] Feature
- [ ] Refactor (no behavior change)
- [ ] Documentation
- [ ] Performance improvement
- [ ] Tests
- [x] Chore (dependencies, CI, tooling)
## AI-generated code disclosure
<!-- If any part of this PR was generated by AI tools (Copilot, Claude,
GPT, Cursor, etc.), check the box. This is fine — we just need to know
so reviewers can pay extra attention to edge cases. -->
- [x] This PR includes AI-generated code