chore(ci): replace secret-scanner.yml with reusable wrapper #42

Merged
hyperpolymath merged 1 commit into main from chore/secret-scanner-reusable-wrapper
May 29, 2026

@hyperpolymath

Pins to hyperpolymath/standards#190 merge SHA 3e4bd4c93911750727e2e4c66dff859e00079da0. Force-propagates the shell-secrets job (added post-Cloudflare-leak 2026-05-21) to this repo's secret-scanning gate. Replaces ~75-116 lines with a ~14-line wrapper.

Part of estate-wide convergence campaign 2026-05-26 (standards#199 / #190).

@github-actions

🔍 Hypatia Security Scan

Findings: 110 issues detected

Severity Count
🔴 Critical 6
🟠 High 10
🟡 Medium 94

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in ci.yml",
    "type": "unknown",
    "file": "ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "unknown",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit f12eff4 into main May 29, 2026
45 of 52 checks passed
@hyperpolymath hyperpolymath deleted the chore/secret-scanner-reusable-wrapper branch May 29, 2026 03:53