chore(security): add Dependabot and CodeQL exclusions

- Dependabot: weekly scans for NuGet, npm, GitHub Actions, Docker
- CodeQL: exclude obj/, bin/, node_modules/, generated files

Refs: E7-T1

Author: dylan-mccarthy

.github/codeql/codeql-config.yml

@@ -0,0 +1,43 @@
+name: "CodeQL Configuration"
+
+# Paths to exclude from CodeQL analysis
+paths-ignore:
+  # Build artifacts
+  - "**/obj/**"
+  - "**/bin/**"
+  - "**/publish/**"
+  - "**/out/**"
+  - "**/build/**"
+  - "**/dist/**"
+  
+  # Dependencies
+  - "**/node_modules/**"
+  - "**/packages/**"
+  - "**/.nuget/**"
+  
+  # Docker build context (auto-generated)
+  - "**/.dockerignore"
+  
+  # Generated files
+  - "**/*.Designer.cs"
+  - "**/*.designer.cs"
+  - "**/*.g.cs"
+  - "**/*.g.i.cs"
+  - "**/AssemblyInfo.cs"
+  - "**/AssemblyAttributes.cs"
+  
+  # Next.js build artifacts
+  - "src/admin-ui/.next/**"
+  - "src/admin-ui/out/**"
+  
+  # Test coverage reports
+  - "**/coverage/**"
+  - "**/TestResults/**"
+  
+  # Temporary files
+  - "**/*.tmp"
+  - "**/*.temp"
+
+# Queries to run
+queries:
+  - uses: security-and-quality

.github/dependabot.yml

@@ -0,0 +1,97 @@
+version: 2
+updates:
+  # .NET dependencies
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "security"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+
+  # npm dependencies for Admin UI
+  - package-ecosystem: "npm"
+    directory: "/src/admin-ui"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "security"
+      - "admin-ui"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "ci/cd"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+
+  # Docker
+  - package-ecosystem: "docker"
+    directory: "/src/ControlPlane.Api"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+
+  - package-ecosystem: "docker"
+    directory: "/src/Node.Runtime"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+
+  - package-ecosystem: "docker"
+    directory: "/src/Agent.Host"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+
+  - package-ecosystem: "docker"
+    directory: "/src/admin-ui"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"