chore: implement GitHub best practices (Phase 4 & 5)

- Add Dependabot configuration for automated dependency updates
- Add issue templates (bug report, feature request)
- Add pull request template
- Add CI/CD workflows
- Add security workflows (CodeQL, dependency review)
- Add stale issue management
- Add Dependabot auto-merge workflow
- Add CODEOWNERS file
- Add SECURITY.md
- Add CONTRIBUTING.md
- Add CODE_OF_CONDUCT.md

Part of Sensible Analytics GitHub improvement initiative.

Author: rprabhat

.github/CODEOWNERS

@@ -0,0 +1,15 @@
+# Default CODEOWNERS for Sensible Analytics repositories
+
+# Global fallback - all files
+* @Sensible-Analytics/engineering
+
+# Organization-level files
+.github/ @Sensible-Analytics/engineering
+CODEOWNERS @Sensible-Analytics/engineering
+LICENSE @Sensible-Analytics/engineering
+SECURITY.md @Sensible-Analytics/engineering
+
+# Documentation
+README.md @Sensible-Analytics/engineering
+CONTRIBUTING.md @Sensible-Analytics/engineering
+CODE_OF_CONDUCT.md @Sensible-Analytics/engineering

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,114 @@
+name: 🐛 Bug Report
+description: Report a bug or unexpected behavior
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report a bug! Please search existing issues first to avoid duplicates.
+        
+        ⚠️ **Security Issues**: Do NOT use this template for security vulnerabilities. 
+        Please email [security@sensibleanalytics.co](mailto:security@sensibleanalytics.co) instead.
+
+  - type: checkboxes
+    id: pre-flight
+    attributes:
+      label: Pre-flight Checks
+      description: Please confirm you've completed these steps
+      options:
+        - label: I have searched for existing issues (open and closed)
+          required: true
+        - label: I am using the latest version of the software
+          required: true
+        - label: I have read the relevant documentation
+          required: false
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug Description
+      description: A clear and concise description of what the bug is
+      placeholder: |
+        When I try to [action], [unexpected behavior] happens instead of [expected behavior].
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Steps to Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |
+        1. Go to '...'
+        2. Click on '...'
+        3. Scroll down to '...'
+        4. See error
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: What you expected to happen
+      placeholder: I expected the application to...
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior
+      description: What actually happened
+      placeholder: Instead, the application...
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: |
+        Please provide details about your environment:
+        - OS: [e.g., macOS, Windows, Linux]
+        - Browser: [e.g., Chrome, Safari, Firefox] (if applicable)
+        - Node.js version: [e.g., 18.17.0] (run `node --version`)
+        - Package version: [e.g., 1.2.3]
+      render: bash
+      placeholder: |
+        OS: macOS 14.0
+        Browser: Chrome 120
+        Node.js: 18.17.0
+        Package Version: 1.2.3
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs & Screenshots
+      description: |
+        If applicable, add screenshots, error messages, or log output to help explain your problem.
+        
+        Tip: For long logs, use `<details><summary>Click to expand</summary>...logs...</details>`
+
+  - type: dropdown
+    id: severity
+    attributes:
+      label: Severity
+      description: How severe is this issue?
+      options:
+        - Critical - Application crashes or data loss
+        - High - Major feature broken, workaround difficult
+        - Medium - Feature partially broken, workaround exists
+        - Low - Minor issue, cosmetic, or enhancement
+      default: 2
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](../CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,17 @@
+blank_issues_enabled: false
+contact_links:
+  - name: ❓ Ask a Question
+    url: https://github.com/orgs/Sensible-Analytics/discussions/categories/q-a
+    about: Ask questions and get help from the community
+  
+  - name: 💡 Feature Ideas & Discussions
+    url: https://github.com/orgs/Sensible-Analytics/discussions/categories/ideas
+    about: Share and discuss feature ideas before creating a formal request
+  
+  - name: 🛡️ Report a Security Vulnerability
+    url: https://github.com/Sensible-Analytics/.github/blob/main/SECURITY.md
+    about: Please report security vulnerabilities privately via email
+  
+  - name: 📖 Documentation Issue
+    url: https://github.com/Sensible-Analytics/.github/issues/new?template=bug_report.yml
+    about: Report documentation errors or suggest improvements

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,79 @@
+name: ✨ Feature Request
+description: Suggest a new feature or improvement
+labels: ["enhancement", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to suggest a feature! Please search existing issues and discussions first.
+        
+        💡 **Tip**: For questions or help, use [Discussions](https://github.com/orgs/Sensible-Analytics/discussions) instead.
+
+  - type: checkboxes
+    id: pre-flight
+    attributes:
+      label: Pre-flight Checks
+      options:
+        - label: I have searched for existing feature requests
+          required: true
+        - label: This is a feature request (not a bug report or question)
+          required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Is your feature request related to a problem?
+      description: A clear and concise description of what the problem is
+      placeholder: |
+        I'm always frustrated when [...] happens because [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen
+      placeholder: |
+        I would like to see [...] implemented so that [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered
+      placeholder: |
+        I considered [...] but [...]
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional Context
+      description: Add any other context, screenshots, or examples about the feature request here
+      placeholder: |
+        Use cases:
+        - As a [type of user], I want [goal] so that [benefit]
+        - This would help with [...]
+
+  - type: dropdown
+    id: priority
+    attributes:
+      label: Priority
+      description: How important is this feature to you?
+      options:
+        - Critical - Blocking my work
+        - High - Would significantly improve my workflow
+        - Medium - Nice to have
+        - Low - Would be convenient
+      default: 2
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](../CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,70 @@
+## Summary
+
+<!-- Provide a brief summary of the changes made in this PR -->
+
+## Changes
+
+<!-- Describe the specific changes made -->
+- 
+- 
+- 
+
+## Motivation
+
+<!-- Why were these changes necessary? Link to any related issues -->
+Fixes # (issue number)
+
+## Type of Change
+
+- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
+- [ ] ✨ New feature (non-breaking change which adds functionality)
+- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] 📚 Documentation update
+- [ ] 🔧 Refactoring (no functional changes)
+- [ ] ⚡ Performance improvement
+- [ ] 🧪 Tests (adding missing tests or correcting existing tests)
+- [ ] 🔨 Build/CI related changes
+
+## Testing
+
+<!-- Describe the tests you ran and how to reproduce them -->
+- [ ] Unit tests pass (`npm test` or `pytest`)
+- [ ] Integration tests pass
+- [ ] Manual testing performed
+- [ ] Tested on [list platforms/environments]
+
+**Test Instructions:**
+```bash
+# Provide commands to test these changes
+```
+
+## Checklist
+
+- [ ] My code follows the project's style guidelines
+- [ ] I have performed a self-review of my code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published
+
+## Screenshots (if applicable)
+
+<!-- Add screenshots to help explain your changes -->
+
+## Breaking Changes
+
+<!-- If this is a breaking change, describe the impact and migration path -->
+- **Breaking:** [description of breaking change]
+- **Migration:** [how to migrate existing code]
+
+## Additional Notes
+
+<!-- Any additional information that reviewers should know -->
+
+---
+
+**Reviewers:** @Sensible-Analytics/engineering
+
+**Related Issues:** Fixes #, Relates to #

.github/dependabot.yml

@@ -0,0 +1,71 @@
+# Dependabot configuration for TypeScript/JavaScript projects
+# Template for: folio, CardScannerApp, crewcircle, rental-app
+
+version: 2
+
+updates:
+  # npm packages - Weekly check with grouping
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "Australia/Sydney"
+    open-pull-requests-limit: 10
+    versioning-strategy: increase-if-necessary
+    labels:
+      - "dependencies"
+      - "npm"
+    reviewers:
+      - "Sensible-Analytics/engineering"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+    groups:
+      # Group production dependencies
+      production:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group development dependencies
+      development:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+      # Security updates (always separate)
+      security:
+        patterns:
+          - "*"
+        update-types:
+          - "patch"
+        applies-to: security-updates
+    ignore:
+      # Ignore major updates initially (manual review required)
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  # GitHub Actions - Weekly check
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "Australia/Sydney"
+    open-pull-requests-limit: 20
+    labels:
+      - "dependencies"
+      - "github-actions"
+    reviewers:
+      - "Sensible-Analytics/engineering"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    groups:
+      actions:
+        patterns:
+          - "*"
+    rebase-strategy: auto