
chore: add dependabot and CODEOWNERS #127

Merged
brax10ward merged 3 commits into master from braxton/sdk-525-add-dependabot-to-react-native-sdk
Apr 29, 2026

@brax10ward (Contributor) commented Apr 29, 2026

Linear Link

https://linear.app/atomicbuilt/issue/SDK-525/add-dependabot-and-codeowners-to-react-native-sdk

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactor (non-breaking change which cleans up code)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • This change impacts security

Checklist:

  • New and existing tests pass locally with my changes
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have tested on a physical iOS device and Android device
  • I have added tests that prove my fix is effective or that my feature works
  • I have followed the Code Review and Code Review Security guidelines
  • I have checked my code against flaws from the OWASP Top 10
    • A01:2021-Broken Access Control
    • A02:2021-Cryptographic Failures
    • A03:2021-Injection
    • A04:2021-Insecure Design
    • A05:2021-Security Misconfiguration
    • A06:2021-Vulnerable and Outdated Components
    • A07:2021-Identification and Authentication Failures
    • A08:2021-Software and Data Integrity Failures
    • A09:2021-Security Logging and Monitoring Failures
    • A10:2021-Server-Side Request Forgery


semgrep-app Bot commented Apr 29, 2026

Legal Risk

The following dependencies were released under a license that has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

GPL-2.0

MPL-2.0

Removes 10 devDependencies that were either never imported
(@eslint/compat, @eslint/eslintrc, @react-native/{eslint,metro,typescript}-config,
eslint-plugin-{jest,react}, typescript-eslint) or superseded by the
publish.yml + GitHub Releases flow (release-it,
@release-it/conventional-changelog). Also drops the legacy .husky/
scripts (lefthook replaced husky), the dead react/react-in-jsx-scope
eslint rule, and the stale yarn release instructions in CONTRIBUTING.
@brax10ward brax10ward force-pushed the braxton/sdk-525-add-dependabot-to-react-native-sdk branch from a06778a to 23dca74 Compare April 29, 2026 17:32
@brax10ward brax10ward marked this pull request as ready for review April 29, 2026 17:37
@brax10ward brax10ward requested a review from eriksargent April 29, 2026 17:37
@brax10ward (Contributor, Author)

Legal Risk

The following dependencies were released under a license that has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

GPL-2.0

* [node-forge 1.4.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L10691)

MPL-2.0

* [lightningcss-android-arm64 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9619)

* [lightningcss-darwin-arm64 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9626)

* [lightningcss-darwin-x64 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9633)

* [lightningcss-freebsd-x64 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9640)

* [lightningcss-linux-arm-gnueabihf 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9647)

* [lightningcss-linux-arm64-gnu 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9654)

* [lightningcss-linux-arm64-musl 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9661)

* [lightningcss-linux-x64-gnu 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9668)

* [lightningcss-linux-x64-musl 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9675)

* [lightningcss-win32-arm64-msvc 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9682)

* [lightningcss-win32-x64-msvc 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9689)

* [lightningcss 1.32.0](https://github.com/atomicfi/atomic-transact-react-native/blob/a06778a2f60f62fa11bb2c6bfa5d7e0eed5679dc/yarn.lock#L9696)

Nothing from these packages is ever packaged in our SDK or shipped to customers. It is coming from our example app code's transitive deps.

@brax10ward brax10ward merged commit eabd5b4 into master Apr 29, 2026
5 checks passed
@brax10ward brax10ward deleted the braxton/sdk-525-add-dependabot-to-react-native-sdk branch April 29, 2026 17:54