Implement remaining security audit recommendations

## Context

Issue #76 (Security Audit) was closed after PR #79 (JWT refresh) and related work. Some items may still be outstanding.

## Checklist from #76

- [x] JWT token expiration settings
- [x] Password hashing (bcrypt)
- [x] Rate limiting implementation
- [x] Input validation and sanitization
- [ ] Add `bandit` for Python security linting
- [ ] Add pre-commit hook for secret detection
- [ ] Create `SECURITY.md` with vulnerability reporting process
- [ ] Docker containers run as non-root user

## Acceptance Criteria

- [ ] `bandit` added to dev dependencies and CI
- [ ] `detect-secrets` or similar pre-commit hook configured
- [ ] `SECURITY.md` file created with responsible disclosure policy
- [ ] Dockerfile uses non-root user
- [ ] CI includes security scanning step

## Definition of Done

- [ ] All checklist items completed
- [ ] CI passes with new security checks
- [ ] Documentation updated

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement remaining security audit recommendations #97

Context

Checklist from #76

Acceptance Criteria

Definition of Done

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Implement remaining security audit recommendations #97

Description

Context

Checklist from #76

Acceptance Criteria

Definition of Done

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions