Dependabot + cargo-audit in CI

[heymide]

Close: #85

Summary

Both files are committed to the repo:

dependabot.yml
— schema v2 with 4 ecosystem entries, all on a weekly Monday schedule:

cargo at /
npm at frontend/, alerts/, scripts/
rust-ci.yml
— new Rust CI workflow with:

Triggers on push and pull_request to main
permissions: contents: read (works for Dependabot PRs)
Stable Rust toolchain via dtolnay/rust-toolchain@stable
cargo-audit install with actions/cache@v4 keyed on CARGO_AUDIT_VERSION: "0.21.0" — skips reinstall on cache hit
cargo audit with continue-on-error: true — surfaces advisories as a visible failure while letting build/test still run; the overall workflow still fails and blocks PR merge
cargo build and cargo test as final steps

Related Issue

Closes #85

Checks

• I read the contribution guide.
• I kept this pull request scoped to the linked issue.
• I ran the relevant local checks or explained why they were skipped.
• For Drips wave issues, I claimed the issue before opening this pull request.

Notes for Reviewers

[drips-wave]

@heymide Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[heymide]

Done, Close: #166