Add security-infra-expert agent and register it in Phase D (Advanced Security)

[Copilot]

This PR introduces a new Agent Factory-delivered specialist for GitHub native security operations and wires it into the marketplace catalog. The new agent defines a concrete Phase D workflow for CodeQL, Dependabot, and .gitignore secret-leak auditing.

• New security specialist agent (agents/security-infra-expert.agent.md)

  • Adds a full .agent.md contract (frontmatter, intent, intake, workflow, anti-patterns, quality bar, output contract).
  • Encodes the requested workflow:
    • detect CodeQL status via gh CLI
    • generate stack-aware .github/workflows/codeql-analysis.yml
    • verify Dependabot posture and generate .github/dependabot.yml
    • audit .gitignore for secret-leak patterns (*.pem, .env*, *.key)
  • Includes explicit mode handling (audit-only vs audit + generation) and CONFIRM gating before write guidance.

• Registry integration (registry.json)

  • Registers security-infra-expert under assets.agents.
  • Adds security-infra-expert to core.github_100_percent.phases.D.assets (Advanced Security).
  • Updates registry metadata version/timestamp to reflect catalog change.

"security-infra-expert": {
  "id": "security-infra-expert",
  "path": "agents/security-infra-expert.agent.md",
  "version": "1.0.0",
  "tags": ["security", "codeql", "dependabot", "phase-d"]
}

Original prompt

Aja como o Agent Factory para criar o @security-infra-expert.
Missão do Agente: Configurar e auditar a segurança nativa do GitHub.
Workflow do Agente:
Detectar se CodeQL está ativo via gh cli.
Gerar o arquivo .github/workflows/codeql-analysis.yml otimizado para a stack detectada.
Verificar o status do Dependabot e gerar o dependabot.yml.
Auditar o arquivo .gitignore em busca de padrões que possam vazar segredos (como arquivos .pem, .env, .key).
Entrega: Gere o .agent.md e registre-o no registry.json na Fase D (Advanced Security).

The user has attached the following file paths as relevant context:

• .github\copilot-instructions.md

Created from VS Code.

[Copilot]

Pull request overview

This PR adds a new Phase D (Advanced Security) specialist agent focused on auditing and preparing GitHub-native security configurations (CodeQL, Dependabot, and .gitignore secret-leak safeguards) and integrates it into the marketplace registry so it can be installed via the governance model.

Changes:

• Added a new .agent.md artifact: security-infra-expert with an intake form, workflow, anti-patterns, quality bar, and output contract.
• Registered security-infra-expert in registry.json under assets.agents.
• Included security-infra-expert in core.github_100_percent.phases.D.assets and bumped registry version metadata.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
registry.json	Bumps registry version, registers the new agent in assets.agents, and adds it to Phase D assets.
agents/security-infra-expert.agent.md	Introduces the new Phase D security specialist agent contract (intake, workflow, confirmation gate, and output format).