ci: add bookmd security scanner (advisory) #7

Open
abir-vim wants to merge 2 commits into main from chore/add-security-scanner

@abir-vim

Collaborator

Add bookmd security scanner (advisory)

This adds the self-contained org security scanner as .github/workflows/security.yml.

Advisory only — this does not block merges. On each PR it:

  • runs OSV-Scanner on dependencies,
  • runs a Claude (Bedrock) review across four phases (pr-review, architecture, taint, deps),
  • posts a sticky Security Scanner Results comment with findings.

The in-job Security Gate ships disabled (BLOCK_ON_SEVERITY: none). To enforce later, set
BLOCK_ON_SEVERITY: critical in the workflow and add the AI security scan (phases 1-4) check to
this repo's branch protection.

Bedrock auth is via GitHub OIDC (no secrets). Optional org secrets: SCANNER_STATS_URL /
SCANNER_STATS_TOKEN (monitoring), SOCKET_API_TOKEN (Socket MCP).

🤖 Generated with Claude Code

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 11, 2026

Deploying theme-editor-deploy with Cloudflare Pages

Latest commit: f1ea575
Status: ✅  Deploy successful!
Preview URL: https://764d202e.theme-editor-deploy.pages.dev
Branch Preview URL: https://chore-add-security-scanner.theme-editor-deploy.pages.dev

@github-actions

github-actions Bot commented Jun 11, 2026

Security Scanner Results

Scan scope: this PR adds a single file, .github/workflows/security.yml (an org-wide PR security-scanner workflow). The repo is a static Storybook build with no application source or dependency manifest, and osv-results.json is empty, so the only risk surface analyzed is the workflow itself. All four phases (pr-review, architecture, taint, deps) completed. No critical or high findings; nothing blocks.

Severity Count
🔴 Critical 0
🟠 High 0
🟡 Medium 2
🔵 Low 2
⚪ Info 2

Findings

  • 🟡 OSV-Scanner downloaded from 'latest' and executed without integrity check (.github/workflows/security.yml:40)
  • 🟡 Scanner model ingests attacker-influenced PR diff while holding gh api + write permissions (.github/workflows/security.yml:168)
  • 🔵 allowedTools grants Bash(gh api:*) — wider than the task requires (.github/workflows/security.yml:182)
  • 🔵 Third-party and first-party actions pinned to mutable tags, not commit SHAs (.github/workflows/security.yml:168)
  • Security gate is advisory only (BLOCK_ON_SEVERITY=none) (.github/workflows/security.yml:255)
  • SOCKET_API_TOKEN written to .security-scan/mcp.json in the workspace (.github/workflows/security.yml:79)

Notes

  • The workflow uses the pull_request trigger (not pull_request_target), so fork PRs run with a read-only token and no access to secrets — this correctly avoids the classic "pwn-request" vulnerability.
  • Secrets are interpolated safely (jq --arg, env vars), not concatenated into shell strings.
  • Dependency phase: OSV results empty and no manifest present; no dependency findings.

No findings at or above the configured block threshold.
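
The two pinning findings in the scanner comment above (a tool fetched from 'latest', actions referenced by mutable tags rather than commit SHAs) can be checked mechanically before a workflow is merged. The following is an added example, not part of this PR or of the scanner's own code; the sample workflow, the example-org names and the rule labels are constructed for illustration.

```python
import re

# Constructed sample workflow; NOT the security.yml added by this PR.
SAMPLE_WORKFLOW = """\
name: example
on: pull_request
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local
      - name: Install scanner
        run: |
          curl -fsSL -o scanner https://github.com/example-org/scanner/releases/latest/download/scanner_linux_amd64
          chmod +x scanner
"""

# "uses:" value up to whitespace, quote or trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# GitHub release URLs that resolve to whatever the newest release is today.
LATEST_URL_RE = re.compile(r"https?://\S*/releases/latest/\S*")


def audit_workflow(text):
    """Return (line_number, rule, detail) tuples for unpinned references."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith("./"):
                pinned = True  # local action: versioned with the repo itself
            elif ref.startswith("docker://"):
                pinned = "@sha256:" in ref  # image must be pinned by digest
            else:
                pinned = bool(FULL_SHA_RE.match(ref.partition("@")[2]))
            if not pinned:
                findings.append((n, "mutable-action-ref", ref))
        # A "latest" URL cannot be matched to a fixed checksum, so flag it;
        # the remedy is a versioned URL plus a recorded SHA-256 check.
        for url in LATEST_URL_RE.findall(line):
            findings.append((n, "unpinned-download", url))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print("%d: %s: %s" % finding)
```
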
