fix: resolve code quality issues - pattern matching, cache logging, undefined handling

Fixed 3 code quality issues from CODE_QUALITY_REVIEW_2025.md following TDD methodology:

**Issue #6 (MEDIUM-HIGH): Watch service pattern matching**
- Problem: Only handled *.ext patterns, other glob patterns broken
- Fix: Replaced simple string matching with minimatch for proper glob support
- Tests: +4 comprehensive tests for exact filenames, prefix wildcards, complex patterns
- Location: src/services/watch.ts:93-108
- Dependencies: Added minimatch@^9.0.5

**Issue #11 (MEDIUM): Silent cache error recovery**
- Problem: Cache corruption silently deleted entries without logging
- Fix: Added console.warn() logging with key and error message
- Tests: +1 test for cache corruption detection and logging
- Location: src/storage/cache.ts:138-141
- Impact: Improves observability and debugging of cache issues

**Issue #10 (LOW): Fragile undefined handling**
- Problem: Used magic string '__UNDEFINED__' for undefined values
- Fix: Don't cache undefined values at all (cleaner approach)
- Tests: Updated 1 test to expect new behavior (return null for cache miss)
- Location: src/storage/cache.ts:157-162
- Impact: Eliminates code smell and simplifies caching logic

**Test Results:**
- Total tests: 1170 (up from 1165, +5 new tests)
- Test pass rate: 100%
- No regressions

**Remaining Issues (require significant refactoring):**
- Issue #8 (MEDIUM): Redundant file system calls
- Issue #9 (MEDIUM): Cache eviction efficiency

All fixes follow TDD approach: RED → GREEN → REFACTOR

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: sjsyrek

.github/workflows/security.yml

@@ -0,0 +1,50 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+  schedule:
+    # Run security audit daily at 2 AM UTC
+    - cron: '0 2 * * *'
+
+jobs:
+  security:
+    name: Security Checks
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run npm audit
+        run: npm audit --audit-level=moderate
+        continue-on-error: false
+
+      - name: Type check
+        run: npm run type-check
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Run tests
+        run: npm test
+
+      - name: Security summary
+        if: success()
+        run: |
+          echo "✅ All security checks passed"
+          echo "- npm audit: PASS"
+          echo "- TypeScript: PASS"
+          echo "- ESLint: PASS"
+          echo "- Tests: PASS"