ci(security): add prompt injection, base64, and secret scanning

Add CI security pipeline to catch prompt injection attacks, base64-obfuscated
payloads, leaked secrets, and .planning/ directory commits in PRs.

This is critical for get-shit-done because the entire codebase is markdown
prompts — a prompt injection in a workflow file IS the attack surface.

New files:
- scripts/prompt-injection-scan.sh: scans for instruction override, role
  manipulation, system boundary injection, DAN/jailbreak, and tool call
  injection patterns in changed files
- scripts/base64-scan.sh: extracts base64 blobs >= 40 chars, decodes them,
  and checks decoded content against injection patterns (skips data URIs
  and binary content)
- scripts/secret-scan.sh: detects AWS keys, OpenAI/Anthropic keys, GitHub
  PATs, Stripe keys, private key headers, and generic credential patterns
- .github/workflows/security-scan.yml: runs all three scans plus a
  .planning/ directory check on every PR
- .base64scanignore / .secretscanignore: per-repo false positive allowlists
- tests/security-scan.test.cjs: 51 tests covering script existence,
  pattern matching, false positive avoidance, and workflow structure

All scripts support --diff (CI), --file, and --dir modes. Cross-platform
(macOS + Linux). SHA-pinned actions. Environment variables used for
github context in run blocks (no direct interpolation).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/workflows/security-scan.yml

@@ -0,0 +1,60 @@
+name: Security Scan
+
+on:
+  pull_request:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          fetch-depth: 0
+
+      - name: Prompt injection scan
+        env:
+          BASE_REF: ${{ github.base_ref }}
+        run: |
+          chmod +x scripts/prompt-injection-scan.sh
+          scripts/prompt-injection-scan.sh --diff "origin/$BASE_REF"
+
+      - name: Base64 obfuscation scan
+        env:
+          BASE_REF: ${{ github.base_ref }}
+        run: |
+          chmod +x scripts/base64-scan.sh
+          scripts/base64-scan.sh --diff "origin/$BASE_REF"
+
+      - name: Secret scan
+        env:
+          BASE_REF: ${{ github.base_ref }}
+        run: |
+          chmod +x scripts/secret-scan.sh
+          scripts/secret-scan.sh --diff "origin/$BASE_REF"
+
+      - name: Planning directory check
+        env:
+          BASE_REF: ${{ github.base_ref }}
+        run: |
+          # Ensure .planning/ runtime data is not committed in PRs
+          # (The GSD repo itself has .planning/ in .gitignore, but PRs
+          # from forks or misconfigured clones might include it)
+          PLANNING_FILES=$(git diff --name-only --diff-filter=ACMR "origin/$BASE_REF"...HEAD | grep '^\.planning/' || true)
+          if [ -n "$PLANNING_FILES" ]; then
+            echo "FAIL: .planning/ runtime data must not be committed to PRs"
+            echo "The following .planning/ files were found in this PR:"
+            echo "$PLANNING_FILES"
+            echo ""
+            echo "Add .planning/ to your .gitignore and remove these files from the commit."
+            exit 1
+          fi
+          echo "planning-dir-check: clean"