
security: harden supply chain (Dependabot cooldowns, CodeQL, Scorecard, dep-review, zizmor)#4

Open
potiuk wants to merge 1 commit into apache:main from potiuk:security-hardening

Conversation

@potiuk
Member

@potiuk potiuk commented Apr 25, 2026

Summary

Adds repo-level security hardening. All changes are additive — no existing code is touched.

  • .github/dependabot.yml — npm + github-actions ecosystems, with cooldowns (3-day patch / 7-day minor / 21-day major) so brand-new releases have time to be flagged by the ecosystem before we pull them in. Security advisories bypass cooldown automatically. The npm ecosystem is scoped to /mcp/ponymail-mcp (where package.json lives). Minor + patch updates grouped into single PRs to cut noise.
  • .github/workflows/codeql.yml — CodeQL on push / PR / weekly, with the security-extended and security-and-quality query suites for JS/TS.
  • .github/workflows/scorecard.yml — OpenSSF Scorecard; publishes results to code scanning + SARIF artifact.
  • .github/workflows/dependency-review.yml — blocks PRs introducing deps with ≥moderate CVEs or GPL/AGPL licenses.
  • .github/workflows/zizmor.yml — static analysis of the workflows themselves (script injection, overbroad permissions, unpinned refs, cache poisoning, etc.).
  • SECURITY.md — directs reporters to security@apache.org first (the canonical ASF channel), with GitHub Private Vulnerability Reporting as a secondary channel for issues isolated to this repo's tooling.

Workflow hardening applied throughout

  • Top-level permissions: {} (deny-all) with per-job minimum grants.
  • All third-party actions pinned to full commit SHAs (dereferenced from annotated tags) with version comments — Dependabot keeps them current.
  • actions/checkout sets persist-credentials: false so a stashed token can't be exfiltrated by later steps.
  • Timeouts on every job.

Notes for ASF context

  • SECURITY.md follows ASF convention: security@apache.org is preferred, GitHub PVR is secondary. Adjust language if comdev has a different preferred process.
  • The repo also contains Python scripts (asf-highlights/, project-activity/). I left CodeQL scoped to javascript-typescript to mirror the original; happy to add python to the matrix in a follow-up.
  • Independent of and complementary to Rbowen ponymail mcp #2 / Block all private lists by default, add opt-in allowlist #3 — no overlap with mcp/ponymail-mcp/ source changes.

Repo-level actions that can't be set via files

These require admin access in the GitHub UI (Settings → Code security):

  • Enable Private vulnerability reporting (so the SECURITY.md PVR link works)
  • Enable Secret scanning + Push protection
  • Enable Dependabot alerts and Dependabot security updates
  • Enable CodeQL code scanning (the workflow here uses advanced setup; default setup can coexist or be disabled)

Branch protection on main (Settings → Rules → Rulesets or Branches):

  • Require PR + at least one review before merge
  • Require status checks to pass: CodeQL, Dependency Review, Zizmor
  • Require branches to be up to date before merge
  • Require signed commits
  • Dismiss stale approvals on new pushes
  • Restrict who can push directly (admins only, or nobody)
  • Block force pushes and deletions

Optional but recommended:

  • Add a CODEOWNERS file so reviews auto-request the right people
  • Apply for OpenSSF Best Practices badge once Scorecard is running

Test plan

  • Merge and confirm Dependabot opens grouped npm/actions PRs on the next weekly run
  • Confirm CodeQL / Scorecard / zizmor appear in the Security → Code scanning tab
  • Open a test PR with a deliberately vulnerable dep to verify dependency-review blocks it
  • Verify the SECURITY.md PVR link resolves once PVR is enabled

🤖 Generated with Claude Code
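The cooldown and grouping policy described above, written out as an added illustration. This is not the PR's own `.github/dependabot.yml` (its contents are not shown on this page); the weekly schedule and the root directory for the actions ecosystem are assumptions, while the day counts, the npm directory and the minor/patch grouping follow the description.

```yaml
# Added example, not the file from this PR.
# Cooldown delays adoption of a fresh release so the ecosystem has time
# to flag a bad one; Dependabot security updates bypass the cooldown.
version: 2
updates:
  # npm ecosystem scoped to the directory that holds package.json
  - package-ecosystem: "npm"
    directory: "/mcp/ponymail-mcp"
    schedule:
      interval: "weekly"          # assumed cadence
    cooldown:
      default-days: 7             # applies where no semver rule matches
      semver-patch-days: 3
      semver-minor-days: 7
      semver-major-days: 21
    # Bundle minor + patch bumps into one PR; majors still arrive alone
    groups:
      npm-minor-and-patch:
        update-types:
          - "minor"
          - "patch"

  # github-actions ecosystem: keeps the SHA-pinned `uses:` refs current
  - package-ecosystem: "github-actions"
    directory: "/"                # assumed: workflows under .github/workflows
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 7
      semver-patch-days: 3
      semver-minor-days: 7
      semver-major-days: 21
    groups:
      actions-minor-and-patch:
        update-types:
          - "minor"
          - "patch"
```

A quick way to confirm the cooldown is honoured is to watch the Dependabot log under Insights, Dependency graph, Dependabot after the first weekly run: versions younger than the configured window are listed as skipped rather than proposed.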

Adds repo-level security hardening. All changes are additive — no
existing code is touched.

- .github/dependabot.yml: npm + github-actions ecosystems with
  cooldowns (3-day patch / 7-day minor / 21-day major) so brand-new
  releases have time to be flagged before we pull them in. Security
  advisories bypass cooldown automatically. npm scoped to
  /mcp/ponymail-mcp where package.json lives. Minor + patch updates
  grouped into single PRs.
- .github/workflows/codeql.yml: CodeQL on push / PR / weekly with
  the security-extended and security-and-quality query suites for
  JS/TS.
- .github/workflows/scorecard.yml: OpenSSF Scorecard; publishes
  results to code scanning + SARIF artifact.
- .github/workflows/dependency-review.yml: blocks PRs introducing
  deps with >=moderate CVEs or GPL/AGPL licenses.
- .github/workflows/zizmor.yml: static analysis of the workflows
  themselves (script injection, overbroad permissions, unpinned
  refs, cache poisoning, etc.).
- SECURITY.md: vulnerability reporting policy directing reporters
  to security@apache.org first, with GitHub PVR as a secondary
  channel for issues isolated to this repo's tooling.

Workflow hardening applied throughout:
- Top-level `permissions: {}` (deny-all) with per-job minimum grants.
- All third-party actions pinned to full commit SHAs (with version
  comments) — Dependabot keeps them current.
- actions/checkout sets persist-credentials: false so a stashed
  token can't be exfiltrated by later steps.
- Timeouts on every job.

Generated-by: Claude Code (Claude Opus 4.7)
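The four hardening rules listed in the PR description and repeated in the commit message above (deny-all top-level permissions, SHA-pinned actions, `persist-credentials: false`, per-job timeouts), shown on a minimal CodeQL-style job as an added example. This is not the PR's `codeql.yml`, which is not visible on this page; the commit SHAs are placeholders, and the cron expression, timeout value and job name are assumptions. The language and query suites are the ones the description names.

```yaml
# Added example, not a file from this PR. PLACEHOLDER SHAs below would be
# replaced by the 40-hex commit each tag resolves to.
name: codeql

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "17 3 * * 1"       # assumed: weekly

# Deny everything at the top; each job requests only what it needs.
permissions: {}

jobs:
  analyze:
    runs-on: ubuntu-latest
    timeout-minutes: 30          # assumed value; every job gets one
    permissions:
      contents: read             # read the source to analyze
      security-events: write     # upload SARIF to code scanning
    steps:
      # Weak form (mutable tag; whatever the tag points at today runs):
      #   - uses: actions/checkout@v4
      # Hardened form: immutable commit SHA, version kept in a comment
      # so Dependabot can recognise and bump it.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (PLACEHOLDER SHA)
        with:
          # Default is true, which leaves the job token in .git/config
          # where any later step in the job can read it.
          persist-credentials: false

      - uses: github/codeql-action/init@0000000000000000000000000000000000000000 # v3 (PLACEHOLDER SHA)
        with:
          languages: javascript-typescript
          queries: security-extended,security-and-quality

      - uses: github/codeql-action/analyze@0000000000000000000000000000000000000000 # v3 (PLACEHOLDER SHA)
```

The zizmor workflow mentioned in the description would flag the commented-out weak form (unpinned ref) and a missing top-level `permissions: {}`, so the pattern above is also what keeps that check green.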
@potiuk
Member Author

potiuk commented Apr 25, 2026

This PR loosely depends on #2 merged - as it refers to files added there - but could be merged independently.

@potiuk potiuk mentioned this pull request Apr 25, 2026
