Add npm audit gate to CI and publish workflows

Fails the pipeline if production dependencies have known vulnerabilities.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: BrainSlugs83

.github/workflows/ci.yml

@@ -18,6 +18,7 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm ci
+      - run: npm audit --omit=dev
       # Node 22+ supports coverage thresholds; Node 20 runs tests only
       - name: Lint + test with 100% coverage
         if: matrix.node-version >= 22

.github/workflows/publish.yml

@@ -24,6 +24,7 @@ jobs:
 
       - run: npm install -g npm@latest
       - run: npm ci
+      - run: npm audit --omit=dev
 
       # Bump package.json to the requested version
       - name: Set version