
@joshrotenberg
Collaborator

Summary

Adds security auditing to our CI pipeline and fixes README display on crates.io for all packages.

Security Improvements 🔒

  • cargo-audit: Checks for known vulnerabilities in dependencies
  • cargo-deny: License and security policy enforcement (setup required)
  • Dependency review: Reviews dependency changes in PRs
  • SARIF integration: Results appear in GitHub Security tab
  • Daily scans: Scheduled audit runs every 24 hours

README Fix 📚

Workflow Optimization Findings

Based on audit of existing workflows:

✅ Current Good Practices

  • Using Swatinem/rust-cache@v2 for caching
  • Running tests in parallel across OS matrix
  • Using taiki-e/install-action for tool installation

🚀 Recommended Improvements

  1. Add concurrency groups to cancel duplicate runs
  2. Cache on failure for better iteration speed
  3. Pin action versions to commit SHAs for security
  4. Add path filters to avoid unnecessary runs
  5. Consider sccache for distributed build caching

Testing

The security workflow will run on this PR. Initial runs may show warnings until deny.toml is configured.

Next Steps

  1. Configure deny.toml for license and security policies
  2. Add CodeQL analysis for Rust (when available)
  3. Consider SLSA provenance for releases
  4. Add badge to README for security status

Addresses #19
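Since the PR notes that runs will warn until deny.toml is configured, here is an added example of such a policy file (not the file from this repository; it uses the cargo-deny version 2 schema, and the allowed-license list, registry URL and the commented placeholder entries are assumptions to adapt to the actual workspace):

```toml
# deny.toml -- illustrative policy for `cargo deny check` (version 2 schema).
# Added example, not this repository's file; the license allow-list and the
# placeholder entries below are assumptions to adjust for the real workspace.

[advisories]
version = 2
db-urls = ["https://github.com/rustsec/advisory-db"]
# With version = 2, vulnerability advisories are always errors; unmaintained,
# unsound and notice advisories are warnings unless listed in `ignore`.
yanked = "deny"
ignore = [
    # Placeholder shape only, no real advisory implied:
    # { id = "RUSTSEC-0000-0000", reason = "not reachable from our code" },
]

[licenses]
version = 2
# Only licenses on this SPDX allow-list pass; anything else fails the check.
allow = ["MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "Unicode-3.0"]
# Minimum confidence for license-text detection before a crate is trusted.
confidence-threshold = 0.9
exceptions = [
    # Placeholder shape only:
    # { crate = "some-crate", allow = ["MPL-2.0"] },
]

[bans]
# Duplicate crate versions inflate the attack surface; warn rather than fail.
multiple-versions = "warn"
# Wildcard version requirements make builds non-reproducible.
wildcards = "deny"
highlight = "all"
deny = [
    # Placeholder shape only:
    # { crate = "some-crate", reason = "replaced by a maintained fork" },
]

[sources]
# Refuse dependencies from registries or git sources not explicitly listed.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
```

`cargo deny check` evaluates all four sections; `cargo deny check advisories` (or `licenses`, `bans`, `sources`) runs one at a time, which helps when tightening the policy incrementally.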

- Add comprehensive security audit workflow with cargo-audit
- Add dependency review for pull requests
- Configure cargo-deny for license and security checks
- Generate SARIF output for GitHub Security tab integration
- Fix README path in all Cargo.toml files for crates.io display
- Schedule daily security audits

Addresses #19
@joshrotenberg joshrotenberg merged commit 7f56316 into main Aug 27, 2025
4 checks passed
@joshrotenberg joshrotenberg deleted the feat/security-audit-workflow branch August 27, 2025 23:59