docs: add GitHub Actions workflow guide + desloppify + threat-db v2.7.0

- guide/workflows/github-actions.md (new): 5 production patterns with
  claude-code-action (on-demand @claude, auto push review, issue triage,
  security review, scheduled maintenance), auth alternatives, cost control
- guide/ultimate-guide.md: GitHub Actions cross-ref + desloppify tool
  (vibe code quality fix-loop, community tool, ~2K stars, Feb 2026)
- examples/commands/resources/threat-db.yaml: v2.7.0, +5 threat sources
  (Azure MCP SSRF CVE-2026-26118, OpenClaw, Taskflow, Codex Security,
  DryRun Security 87% vulnerability stat)
- CLAUDE.md: Behavioral Rules section (5 rules from observed friction)
- guide/workflows/README.md: github-actions entry + quick selection row
- IDEAS.md: CI/CD Workflows Gallery marked complete
- CHANGELOG.md: [Unreleased] entries for all items

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

IDEAS.md

@@ -26,22 +26,9 @@ Unified security research covering MCP vulnerabilities, prompt injection, and se
 
 ## Medium Priority
 
-### CI/CD Workflows Gallery
-Concrete GitHub Actions examples for Claude Code integration.
+### CI/CD Workflows Gallery ✅
 
-**Topics:**
-- Automated PR review workflows
-- Test generation pipelines
-- Cost optimization patterns for API calls in CI
-- Pre-commit hooks integration
-
-**Perplexity Query:**
-```
-GitHub Actions workflows for AI coding assistants 2024-2025:
-- Automated code review with Claude/GPT
-- Cost optimization for API calls in CI/CD
-- Real examples from open source projects
-```
+**Completed**: [GitHub Actions Workflows](./guide/workflows/github-actions.md) — 5 patterns using `anthropics/claude-code-action` (PR review, auto-review, issue triage, security, scheduled maintenance). Includes cost control, fork safety, Bedrock/Vertex auth alternatives. Cross-linked from section 9.3 of the main guide.
 
 ### MCP Server Catalog
 Exhaustive list of MCP servers with real-world use cases.