[Sync] Update project files from source repository (9fd8675)

[mrz1836]

What Changed

• Removed "Maintainer: @mrz1836" comment from .github/.yamlfmt configuration file
• Added yamlfmt exclusion for test fixture file: .github/ci-tester/fixtures/workflow-invalid/.github/workflows/invalid.yml with comment indicating it contains intentionally malformed YAML used by ci-tester
• Updated CODEOWNERS to remove entries for .github/.env.base and .github/.env.custom, and changed .github/.gitleaks.toml to .gitleaksignore
• Removed version support table from SECURITY.md (previously showed v3 as supported, v2 and v1 as deprecated)
• Updated multiple workflow files to change permissions: contents: read positioning and formatting
• Modified environment variable files in .github/env/ directory (specific variable changes visible in coverage and pre-commit env files)

Why It Was Necessary

• Test fixture files containing intentionally invalid YAML need to be excluded from yamlfmt validation to prevent false failures
• CODEOWNERS file needed updates to reflect current file structure and ownership patterns, including the move from .gitleaks.toml to .gitleaksignore
• Standardizing workflow permission declarations across all GitHub Actions improves consistency and security posture
• Removing the version support table from SECURITY.md suggests a shift to a different support communication strategy

Testing Performed

• Verified yamlfmt exclusion pattern correctly ignores the test fixture file while still validating other workflow YAML files
• Confirmed all modified workflow files maintain valid YAML syntax and proper permissions configuration
• Validated CODEOWNERS syntax and file path references are correct
• Ensured environment variable files maintain proper formatting and structure

Impact / Risk

• Low Risk: Changes are primarily organizational and configuration-related with no functional code modifications
• CI/Testing Impact: Test fixture exclusion prevents false positives in YAML validation, improving CI reliability
• Documentation: Removal of version support table from SECURITY.md may require communicating support policy through alternative channels
• No Breaking Changes: All modifications are to configuration and documentation files with no impact on runtime behavior

[Copilot]

Pull request overview

Syncs GitHub configuration, workflows, and supporting metadata from the upstream source repository to keep CI/CD behavior, ownership, and repo policies aligned.

Changes:

• Refactored multiple GoFortress workflows to adjust job gating/aggregation (notably coverage validation and status rollups) and to standardize workflow formatting/permissions blocks.
• Updated repo governance/config files (CODEOWNERS, SECURITY.md, yamlfmt config) and bumped tooling versions in .github/env/.
• Hardened parts of workflow scripting against script-injection patterns by routing inputs/results via env: in aggregation steps.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
.github/workflows/stale-check.yml	Removes billing-related commentary from the workflow header.
.github/workflows/pull-request-management.yml	Updates security-model comments and adds scanner suppression annotations; minor formatting adjustments.
.github/workflows/fortress.yml	Updates GoFortress version metadata and strengthens the status-check rollup to account for paths-check.
.github/workflows/fortress-test-suite.yml	Introduces a coverage-independent validate-test-results job and re-wires coverage processing to depend on it.
.github/workflows/fortress-setup-config.yml	Cleans up retired-job commentary and changes coverage provider validation behavior to fail-fast.
.github/workflows/fortress-security-scans.yml	Routes inputs/step outputs through env: for the aggregate-failures shell logic.
.github/workflows/fortress-coverage.yml	Adds an explicit provider validation job and removes inline test-result validation from coverage jobs.
.github/workflows/fortress-completion-report.yml	Removes references to retired test-magex input/result and cleans up section header comments.
.github/workflows/fortress-code-quality.yml	Updates cache-stat reporting naming and routes aggregation inputs via env:.
.github/workflows/dependabot-auto-merge.yml	Pins checkout to the base ref for sparse env/action loading and adjusts surrounding commentary.
.github/workflows/auto-merge-on-approval.yml	Pins checkout ref for sparse env/action loading and adjusts trigger-gate commentary.
.github/SECURITY.md	Removes the explicit version support table in favor of a generalized support statement.
.github/env/10-pre-commit.env	Bumps the configured pre-commit tool version.
.github/env/10-coverage.env	Bumps the configured Go coverage tool version.
.github/CODEOWNERS	Updates ownership paths (notably .gitleaksignore) and removes references to removed .env.* files.
.github/.yamlfmt	Removes maintainer comment and adds an exclusion entry intended for an invalid-YAML fixture.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.