feat: The Other Dude v9.0.1 — full-featured email system

ci: add GitHub Pages deployment workflow for docs site

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/workflows/security-scan.yml

@@ -0,0 +1,56 @@
+name: Container Security Scan
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  trivy-scan:
+    name: Trivy Container Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Build and scan each container image sequentially to avoid OOM.
+      # Scans are BLOCKING (exit-code: 1) — HIGH/CRITICAL CVEs fail the pipeline.
+      # Add base-image CVEs to .trivyignore with justification if needed.
+
+      - name: Build API image
+        run: docker build -f infrastructure/docker/Dockerfile.api -t mikrotik-api:scan .
+
+      - name: Scan API image
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          image-ref: "mikrotik-api:scan"
+          format: "table"
+          exit-code: "1"
+          severity: "HIGH,CRITICAL"
+          trivyignores: ".trivyignore"
+
+      - name: Build Poller image
+        run: docker build -f poller/Dockerfile -t mikrotik-poller:scan ./poller
+
+      - name: Scan Poller image
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          image-ref: "mikrotik-poller:scan"
+          format: "table"
+          exit-code: "1"
+          severity: "HIGH,CRITICAL"
+          trivyignores: ".trivyignore"
+
+      - name: Build Frontend image
+        run: docker build -f infrastructure/docker/Dockerfile.frontend -t mikrotik-frontend:scan .
+
+      - name: Scan Frontend image
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          image-ref: "mikrotik-frontend:scan"
+          format: "table"
+          exit-code: "1"
+          severity: "HIGH,CRITICAL"
+          trivyignores: ".trivyignore"