Feat/php ci workflows

[spexii]

Description

Adds PHP / Symfony lint and CI pipeline support to platform-tooling, bringing PHP closer to parity with the existing Node and Python coverage.

New reusable workflows:

• php-lint: runs PHP_CodeSniffer and PHPStan in parallel, plus hadolint for Docker lint
• php-test: installs Composer dependencies and runs PHPUnit (unit tests only)
• php-ci: full CI pipeline: security -> lint + test (parallel) -> vulnerability scan
• php-daily: nightly pipeline: full CI + OWASP ZAP DAST scan in parallel

Type of change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactoring (no functional changes)
• Documentation update
• CI/CD or tooling change

How has this been tested?

• Unit tests
• Integration tests
• Manual testing

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my code
• I have added/updated tests that prove my fix or feature works
• I have updated the documentation accordingly
• My changes do not introduce new warnings or errors
• Any dependent changes have been merged and published

Screenshots / recordings (if applicable)

N/A

Additional context

• phpcs and phpstan must be installed as Composer dev dependencies in the consuming project (vendor/bin/phpcs and vendor/bin/phpstan). The workflow fails immediately with a clear error if either binary is missing.
• If a project has phpcs.xml or phpstan.neon committed, those config files take precedence over all workflow inputs
• After merge, all # pt-sha references across all workflow files must be updated to the new merge commit SHA using the bump process in the README

[orangit-sami-bister]

It is consistent with other ones. Looks good. great jib