chore: add community health files and CI workflow

[saagpatel]

Summary

• Adds CHANGELOG.md (Keep a Changelog format)
• Adds CONTRIBUTING.md with dev setup and PR guidelines
• Adds SECURITY.md (browser-only note)
• Adds CI workflow (Node 20, npm ci, lint, vitest)
• Adds GitHub issue templates (bug + feature request)
• Adds PR template

Test plan

• CI workflow triggers on this PR
• All checks pass

🤖 Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 870e5b54ad

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep vulnerability reporting channel private

The policy currently tells reporters to open a GitHub issue for security vulnerabilities, which makes disclosures public by default and can expose exploit details before a fix is available. This creates avoidable risk for users and maintainers; security reports should be routed through a private channel (for example, GitHub private vulnerability reporting/security advisories or a dedicated security email).

Useful? React with 👍 / 👎.