feat(program): embed security.txt with audit + contact info

Add solana-security-txt + default-env deps and embed a `security_txt!`
block in program/src/lib.rs so on-chain inspectors (and security
researchers) get a self-described pointer to the SECURITY.md, contact
endpoints, source repo, and audit report.

Identifies the binary as the "Foundation Build" of LazorKit Smart Wallet
to distinguish it from the lazorkit-protocol commercial binary that may
later occupy the same mainnet slot. source_revision and source_release
are populated from GITHUB_SHA / GITHUB_REF_NAME at CI build time.

Audit pointer is the existing Accretion Labs report shipped under
audits/.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: onspeedhp

program/Cargo.toml

@@ -21,6 +21,8 @@ pinocchio-system = { workspace = true }
 no-padding = { workspace = true }
 assertions = { workspace = true }
 shank = { version = "0.4.2", git = "https://github.com/anagrambuild/shank.git" }
+solana-security-txt = "1.1.2"
+default-env = "0.1"
 
 [dev-dependencies]
 solana-sdk = "2.1"

program/src/lib.rs

@@ -1,5 +1,22 @@
 #![allow(unexpected_cfgs)]
 
+#[cfg(not(feature = "no-entrypoint"))]
+use {default_env::default_env, solana_security_txt::security_txt};
+
+#[cfg(not(feature = "no-entrypoint"))]
+security_txt! {
+    name: "LazorKit Smart Wallet",
+    project_url: "https://lazorkit.com",
+    contacts: "email:security@lazorkit.app,link:https://github.com/lazor-kit/program-v2/security/advisories/new",
+    policy: "https://github.com/lazor-kit/program-v2/blob/main/SECURITY.md",
+
+    preferred_languages: "en,vi",
+    source_code: "https://github.com/lazor-kit/program-v2",
+    source_revision: default_env!("GITHUB_SHA", ""),
+    source_release: default_env!("GITHUB_REF_NAME", ""),
+    auditors: "Accretion Labs (Solana Foundation) — https://github.com/lazor-kit/program-v2/blob/main/audits/2026-accretion-solana-foundation-lazorkit-audit-A26SFR1.pdf"
+}
+
 pub mod auth;
 pub mod compact;
 pub mod entrypoint;