feat: add repository hygiene and automated releases infrastructure

[Copilot]

Description

Adds automated release management, security scanning, and repository hygiene infrastructure. CI now conditionally detects and runs ecosystem-specific checks (Node/Python/Docker). Release-please automates versioning and changelogs based on conventional commits.

Type of Change

• ✨ New feature (non-breaking change which adds functionality)
• 🔨 Build/CI updates
• 📚 Documentation update

Changes Made

Workflows:

• .github/workflows/ci.yml: Conditional ecosystem detection via file existence checks; runs lint/test/build for Node.js, Python, Docker when present; explicit GITHUB_TOKEN permissions on all jobs
• .github/workflows/codeql.yml: Security scanning for JavaScript/TypeScript and Python; runs on push, PR, and weekly schedule
• .github/workflows/release-please.yml: Automated CHANGELOG generation, version bumps, and GitHub Releases using conventional commits

Configuration:

• release-please-config.json + .release-please-manifest.json: Manifest mode release management (current: 2.0.0)
• .github/dependabot.yml: Weekly updates for npm (root/backend/frontend), pip (python-service), and GitHub Actions
• .github/labeler.yml: Auto-labels PRs by changed paths (frontend/backend/python/docs/infra/tests/dependencies)
• .github/CODEOWNERS: Code ownership tracking (@lippytm)

Templates:

• .github/ISSUE_TEMPLATE/bug_report.md + feature_request.md: Markdown-based templates (replaced .yml variants)
• .github/pull_request_template.md: Moved from subdirectory to correct location

Documentation:

• CONTRIBUTING.md: Added conventional commits guide, lint/test/build instructions for all ecosystems
• README.md: Added CI/CD pipeline overview, release-please usage, CodeQL and Dependabot documentation

Cleanup:

• Removed duplicate dependency-updates.yml (replaced by Dependabot)
• Removed old release.yml (replaced by release-please)
• Removed .yml issue templates

Testing

• All YAML/JSON files validated
• Code review completed, feedback addressed
• CodeQL security scan completed, alerts fixed
• No breaking changes

Checklist

• My code follows the code style of this project
• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• New and existing unit tests pass locally with my changes

Additional Context

CI jobs run conditionally based on ecosystem file presence - passes gracefully if files missing. Release-please creates release PRs on main branch pushes; merge to publish. All workflows use minimal GITHUB_TOKEN permissions.

Original prompt

Add repository hygiene and automated releases.

Workflows:

• .github/workflows/ci.yml: use dorny/paths-filter to detect ecosystems; run conditionally:
  • Node/Next: if package.json present, set up node, npm ci, npm run lint --if-present, npm test --if-present, npm run build --if-present; cache npm.
  • Python: if pyproject.toml or requirements*.txt present, set up Python 3.11, pip install -r requirements*.txt if present, install ruff mypy pytest, run ruff check ., mypy . (if pyproject present) and pytest (allow no-tests case). Cache pip.
  • Docker: if Dockerfile present, docker build .
• .github/workflows/release-please.yml: release-please manifest mode. Add release-please-config.json with {"manifest": true, "packages": {".": {"release-type": "simple"}}} to generate CHANGELOG.md, tags, GitHub Releases on pushes to main and manual dispatch.
• .github/workflows/codeql.yml: enable CodeQL for javascript/typescript and python.
• Dependabot: .github/dependabot.yml for npm, pip, github-actions weekly.

Templates & repo hygiene:

• .github/ISSUE_TEMPLATE/bug_report.md and feature_request.md; .github/pull_request_template.md.
• .github/CODEOWNERS placeholder @lippytm.
• .github/labeler.yml to auto-label based on paths (frontend/backend/docs/infra/tests).
• CONTRIBUTING.md: branch/PR process, conventional commits recommended for release-please, how to run lint/test/build.
• Update README with CI/release overview, release-please usage, Dependabot/CodeQL notes.
• Add .env.example placeholder (no secrets), ensure .gitignore includes .env.

Keep changes minimal and conditional so CI passes if ecosystem files are missing. Target base branch main. Provide clear PR summary and testing notes.

This pull request was created from Copilot chat.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.