
ci: add bookmd security scanner (advisory)#1

Open
abir-vim wants to merge 2 commits into main from chore/add-security-scanner

Conversation

@abir-vim

Collaborator

Add bookmd security scanner (advisory)

This adds the self-contained org security scanner as .github/workflows/security.yml.

Advisory only — this does not block merges. On each PR it:

  • runs OSV-Scanner on dependencies,
  • runs a Claude (Bedrock) review across four phases (pr-review, architecture, taint, deps),
  • posts a sticky Security Scanner Results comment with findings.

The in-job Security Gate ships disabled (BLOCK_ON_SEVERITY: none). To enforce later, set
BLOCK_ON_SEVERITY: critical in the workflow and add the AI security scan (phases 1-4) check to
this repo's branch protection.

Bedrock auth is via GitHub OIDC (no secrets). Optional org secrets: SCANNER_STATS_URL /
SCANNER_STATS_TOKEN (monitoring), SOCKET_API_TOKEN (Socket MCP).

🤖 Generated with Claude Code

@github-actions

github-actions Bot commented Jun 11, 2026


Security Scanner Results

Scanned PR #1 — diff adds a single file (.github/workflows/security.yml), the org PR security scanner workflow. No application code changed. All four phases (pr-review, architecture, taint, deps) completed. OSV results were empty; no dependency findings.

| Severity | Count |
| --- | --- |
| 🔴 Critical | 0 |
| 🟠 High | 0 |
| 🟡 Medium | 1 |
| 🔵 Low | 2 |
| ⚪ Info | 1 |

Findings

  • 🟡 OSV-Scanner binary downloaded from 'latest' with no integrity verification (.github/workflows/security.yml:40)
  • 🔵 AI scan grants Bash(gh api:*) to a model fed untrusted PR diff content (.github/workflows/security.yml:182)
  • 🔵 Write permissions granted at workflow scope to jobs that only need read (.github/workflows/security.yml:17)
  • ⚪ Attacker-controlled PR title/branch flow only into the stats ingest payload (no reachable sink) (.github/workflows/security.yml:339)

No critical or high findings. Gate is advisory (BLOCK_ON_SEVERITY=none).
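The gate the PR description ships disabled, exercised against the severity counts in the bot's report above, as an added POSIX shell example (not code from the PR's security.yml): `gate_should_block` takes the BLOCK_ON_SEVERITY value and per-severity counts and decides whether the Security Gate step would fail the job. The function names and the counts-as-arguments interface are assumptions, since the page does not show the workflow file.

```shell
#!/usr/bin/env sh
# Added example, not code from the PR's security.yml: models the Security Gate
# decision driven by BLOCK_ON_SEVERITY. Function names and the "counts passed as
# arguments" interface are assumptions; the real workflow's data format is not
# shown on the page.

# Rank a severity label; higher is worse. Fails for unknown labels.
severity_rank() {
  case "$1" in
    critical) printf '4\n' ;;
    high)     printf '3\n' ;;
    medium)   printf '2\n' ;;
    low)      printf '1\n' ;;
    info)     printf '0\n' ;;
    *) printf 'unknown severity: %s\n' "$1" >&2; return 2 ;;
  esac
}

# gate_should_block THRESHOLD CRITICAL HIGH MEDIUM LOW INFO
# Exit 0 if the gate should fail the job (any finding at or above THRESHOLD),
# 1 if the run stays advisory, 2 on a misconfigured threshold.
gate_should_block() {
  threshold=$1; shift
  # BLOCK_ON_SEVERITY: none is the shipped setting: never block, only report.
  [ "$threshold" = none ] && return 1
  t=$(severity_rank "$threshold") || return 2
  rank=4   # counts arrive in order critical, high, medium, low, info
  for count in "$@"; do
    if [ "$rank" -ge "$t" ] && [ "$count" -gt 0 ]; then
      return 0
    fi
    rank=$((rank - 1))
  done
  return 1
}

# Constructed check using the counts from the bot's report on this PR
# (0 critical, 0 high, 1 medium, 2 low, 1 info) under both settings.
if gate_should_block none 0 0 1 2 1; then
  echo "none: BLOCK"; else echo "none: advisory (expected)"
fi
if gate_should_block critical 0 0 1 2 1; then
  echo "critical: BLOCK"; else echo "critical: pass (expected, no critical findings)"
fi
```

Switching the threshold to `medium` would make the same report block, which is the step the PR description describes as "enforce later".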

