
Add security scanning to CI pipeline
- Add pip-audit check to PR workflow (non-blocking warning)
- Add npm audit check to PR workflow (non-blocking, high severity only)
- Create scheduled weekly security audit workflow that:
  - Runs strict pip-audit and npm audit
  - Creates/updates GitHub issues when vulnerabilities found
  - Uploads audit results as artifacts
  - Supports manual trigger via workflow_dispatch

maziggy, 4 months ago
commit 580225a38d
2 changed files with 2 additions and 2 deletions
  1. .github/workflows/ci.yml (+1 -1)
  2. .github/workflows/security.yml (+1 -1)

+ 1 - 1
.github/workflows/ci.yml

@@ -146,7 +146,7 @@ jobs:
 
       - name: Run npm audit
         working-directory: frontend
-        run: npm audit --audit-level=moderate
+        run: npm audit --audit-level=high
 
   frontend-typecheck:
     name: Frontend Type Check
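Review bot: the commit message describes this PR-workflow check as "non-blocking", but the `Run npm audit` step shown here has no `|| true` on the command and no `continue-on-error: true` on the step, so `npm audit --audit-level=high` will fail the job whenever a high or critical advisory matches the lockfile. Either add `continue-on-error: true` to the step (keeps the red annotation visible without blocking the PR) or adjust the commit message to say the check is blocking at high severity. Note also that moving the threshold from `moderate` to `high` means moderate-severity advisories are now silently dropped from PR feedback; if that is intended, it is worth a comment in the workflow so the next person does not read it as an oversight.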

+ 1 - 1
.github/workflows/security.yml

@@ -130,7 +130,7 @@ jobs:
         working-directory: frontend
         run: |
           npm audit --json > npm-audit-results.json || echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
-          npm audit --audit-level=moderate || true
+          npm audit --audit-level=high || true
 
       - name: Upload audit results
         if: always()
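Review bot: the two `npm audit` invocations in this step use different thresholds, so the `vulnerabilities_found` output and the visible log disagree. The first line, `npm audit --json > npm-audit-results.json`, has no `--audit-level`, and `npm audit` exits non-zero for a finding of any severity, so `vulnerabilities_found=true` is set (and an issue presumably opened downstream) for a low-severity advisory even though the second line now only reports at `high`. Pass the same level to both, e.g. `npm audit --json --audit-level=high > npm-audit-results.json || echo ...`, or decide explicitly that the scheduled audit is meant to be broader than the PR check and say so in a comment. Separately, since the step ends in `|| true`, the "strict" behaviour promised by the commit message rests entirely on the later step that consumes `vulnerabilities_found`; quoting `"$GITHUB_OUTPUT"` is also good hygiene for the redirect.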