refactor: remove configuration security analysis job

- Remove Docker Compose and Containerfile security analysis
- Configuration security checks are redundant with existing tools:
  * Docker Compose validation already in CI workflow
  * Containerfile linting with Hadolint in CI workflow
  * Trivy scanning covers container security vulnerabilities
- Simplify security workflow to focus on core security scanning
- Maintain comprehensive security coverage through existing CI checks

Author: kzndotsh

.github/workflows/security.yml

@@ -225,80 +225,3 @@ jobs:
             
             echo ""
           } >> "$GITHUB_STEP_SUMMARY"
-  config:
-    name: Configuration Security
-    runs-on: ubuntu-latest
-    needs: [changes]
-    if: (needs.changes.outputs.yaml == 'true' || github.event_name == 'workflow_dispatch')
-    permissions:
-      contents: read
-      security-events: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Configuration Security Analysis
-        run: |
-          echo "## 🔧 Configuration Security Analysis"
-          echo ""
-          
-          # Analyze Docker Compose file
-          if [ -f "compose.yaml" ]; then
-            echo "### Docker Compose Security Analysis"
-            
-            # Check for privileged mode
-            if grep -n "privileged: true" compose.yaml; then
-              echo "⚠️ Privileged containers detected"
-            else
-              echo "✅ No privileged containers"
-            fi
-            
-            # Check for host network mode
-            if grep -n "network_mode: host" compose.yaml; then
-              echo "⚠️ Host network mode detected"
-            else
-              echo "✅ No host network mode"
-            fi
-            
-            # Check for exposed ports
-            EXPOSED_PORTS=$(grep -n "ports:" -A 10 compose.yaml | grep -o "[0-9]*:[0-9]*" || echo "")
-            if [ -n "$EXPOSED_PORTS" ]; then
-              echo "**Exposed ports:** $EXPOSED_PORTS"
-              echo "✅ Review port exposure for security"
-            fi
-            
-            # Check for environment variables
-            if grep -n "environment:" -A 20 compose.yaml | grep -i "password\|secret\|key\|token" | grep -v "#.*password\|#.*secret"; then
-              echo "⚠️ Potential secrets in environment variables"
-            else
-              echo "✅ No obvious secrets in environment"
-            fi
-            
-            echo ""
-          fi
-          
-          # Analyze Containerfiles
-          for containerfile in $(find . -name "Containerfile" -o -name "Dockerfile"); do
-            echo "### Containerfile Security Analysis: $containerfile"
-            
-            # Check for root user
-            if grep -n "USER root" "$containerfile"; then
-              echo "⚠️ Running as root user"
-            else
-              echo "✅ Not explicitly running as root"
-            fi
-            
-            # Check for COPY/ADD with sensitive paths
-            if grep -n "COPY\|ADD" "$containerfile" | grep -E "/etc|/root|/home"; then
-              echo "⚠️ Copying from sensitive system paths"
-            else
-              echo "✅ No sensitive path copies detected"
-            fi
-            
-            # Check for exposed ports
-            if grep -n "EXPOSE" "$containerfile"; then
-              echo "**Exposed ports:** $(grep -n "EXPOSE" "$containerfile" | sed 's/.*EXPOSE //')"
-            fi
-            
-            echo ""
-          done
-          } >> "$GITHUB_STEP_SUMMARY"