Add Dependabot configuration and security workflows

[MrMiless44]

Motivation / Background

This Pull Request has been created because [REPLACE ME]

Detail

This Pull Request changes [REPLACE ME]

Additional information

Checklist

Before submitting the PR make sure the following are checked:

• This Pull Request is related to one change. Unrelated changes should be opened in separate PRs.
• Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
• CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.

[Copilot]

Pull request overview

Adds baseline security governance and automation to the repo by introducing a security policy, enabling dependency review on PRs, and configuring Dependabot + CODEOWNERS for dependency/security-sensitive areas.

Changes:

• Add SECURITY.md vulnerability reporting guidance.
• Add a Dependency Review GitHub Action workflow for PRs targeting main.
• Add Dependabot configuration (npm, composer, GitHub Actions) and CODEOWNERS rules for sensitive files/paths.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
SECURITY.md	Adds a security policy and vulnerability reporting instructions.
.github/workflows/dependency-review.yml	Introduces a PR-time dependency review job to block high-severity vulnerable dependency changes.
.github/dependabot.yml	Configures automated dependency update PRs for npm/composer/actions with grouping and labels.
.github/CODEOWNERS	Requires review for workflows, dependency manifests/locks, and other sensitive config areas.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.