docs(i6): solidify I5_I6 design markdown; add Dependabot and ci-security (Trivy, npm audit)

Made-with: Cursor

.github/workflows/ci-security.yml

@@ -0,0 +1,53 @@
+name: ci-security
+
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
+  workflow_dispatch:
+
+jobs:
+  trivy-maven-modules:
+    name: Trivy (Java / Maven manifests)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - scan-ref: services
+          - scan-ref: java
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy filesystem scan
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: fs
+          scan-ref: ${{ matrix.scan-ref }}
+          scanners: vuln
+          vuln-type: os,library
+          severity: CRITICAL,HIGH
+          exit-code: "1"
+          ignore-unfixed: true
+
+  npm-audit-ui:
+    name: npm audit (delivery-platform-ui)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    defaults:
+      run:
+        working-directory: web/delivery-platform-ui
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+          cache-dependency-path: web/delivery-platform-ui/package-lock.json
+      - name: Install and audit
+        run: |
+          npm ci
+          npm audit --audit-level=high