docs(i6): solidify I5_I6 design markdown; add Dependabot and ci-security (Trivy, npm audit)

Made-with: Cursor

.github/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+  - package-ecosystem: maven
+    directory: "/services"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: maven
+    directory: "/java"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: npm
+    directory: "/web/delivery-platform-ui"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: monthly

.github/workflows/ci-java.yml

@@ -2,9 +2,9 @@ name: ci-java
 
 on:
   push:
-    branches: [main, master]
+    branches: [main, master, develop]
   pull_request:
-    branches: [main, master]
+    branches: [main, master, develop]
 
 jobs:
   maven:

.github/workflows/ci-platform.yml

@@ -2,14 +2,14 @@ name: ci-platform
 
 on:
   push:
-    branches: [main, master]
+    branches: [main, master, develop]
     paths:
       - "services/**"
       - "web/**"
       - "contracts/**"
       - ".github/workflows/ci-platform.yml"
   pull_request:
-    branches: [main, master]
+    branches: [main, master, develop]
     paths:
       - "services/**"
       - "web/**"

.github/workflows/ci-security.yml

@@ -0,0 +1,53 @@
+name: ci-security
+
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
+  workflow_dispatch:
+
+jobs:
+  trivy-maven-modules:
+    name: Trivy (Java / Maven manifests)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - scan-ref: services
+          - scan-ref: java
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy filesystem scan
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: fs
+          scan-ref: ${{ matrix.scan-ref }}
+          scanners: vuln
+          vuln-type: os,library
+          severity: CRITICAL,HIGH
+          exit-code: "1"
+          ignore-unfixed: true
+
+  npm-audit-ui:
+    name: npm audit (delivery-platform-ui)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    defaults:
+      run:
+        working-directory: web/delivery-platform-ui
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+          cache-dependency-path: web/delivery-platform-ui/package-lock.json
+      - name: Install and audit
+        run: |
+          npm ci
+          npm audit --audit-level=high