chore(security): add Dependabot cooldown, grouped updates, and use npm ci#48

Merged
felickz merged 1 commit into main from copilot/chore-add-dependabot-cooldown on Jun 1, 2026

Conversation

Contributor

Copilot AI commented May 20, 2026

Hardens dependency management by adding Dependabot cooldown windows, rationalizing update groups, and switching CI to reproducible installs.

Dependabot (dependabot.yml)

  • Added cooldown: default-days: 3 to both github-actions and npm entries — reduces noise from same-day patch floods
  • github-actions: replaced granular production/dev groups with a single wildcard group (actions: patterns: ["*"]) since dependency-type is not meaningful for actions
  • npm: existing production-dependencies / development-dependencies groups retained; cooldown added

CI (build.yml)

  • npm install → npm ci — enforces lock-file integrity, fails fast on drift, faster in CI cache scenarios
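The settings the PR description lists, written out as a complete dependabot.yml. This is an added example, not the repository's own file: the `cooldown: default-days: 3`, the single wildcard `actions` group, and the npm `production-dependencies` / `development-dependencies` groups come from the description above; the `weekly` schedule and the `/` directory are assumptions.

```yaml
# Added example, not the project's own file. Only the cooldown, the wildcard
# actions group and the npm prod/dev groups are taken from the PR description;
# the schedule and directory are assumed.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"            # assumed
    cooldown:
      default-days: 3               # wait 3 days after a release before proposing it
    groups:
      actions:
        patterns: ["*"]             # one group; dependency-type is not meaningful for actions

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"            # assumed
    cooldown:
      default-days: 3               # same 3-day window for npm packages
    groups:
      production-dependencies:
        dependency-type: "production"
      development-dependencies:
        dependency-type: "development"
```

The cooldown is the part worth checking after merge: a release published less than three days ago should not appear in a Dependabot PR, which is what absorbs same-day patch floods and also gives a freshly published, possibly malicious version a few days in which it can be pulled before it is proposed.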

Contributor

Copilot AI left a comment

Pull request overview

This PR hardens dependency management by reducing Dependabot PR noise and making CI dependency installs reproducible via lockfile enforcement.

Changes:

  • Switch GitHub Actions CI installs from npm install to npm ci for deterministic, lockfile-based installs.
  • Add Dependabot cooldown windows (default-days: 3) for both github-actions and npm ecosystems.
  • Simplify github-actions Dependabot grouping to a single wildcard group.

Summary per file

  • .github/workflows/build.yml: Uses npm ci in CI to enforce package-lock.json fidelity and improve reproducibility.
  • .github/dependabot.yml: Adds cooldown windows and refactors grouping for GitHub Actions updates while keeping npm prod/dev grouping.

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

Collaborator

@felickz felickz left a comment

👍 🤖🟢- Tests Pass

@felickz felickz merged commit 97cb7a4 into main Jun 1, 2026
7 checks passed
@felickz felickz deleted the copilot/chore-add-dependabot-cooldown branch June 1, 2026 16:33