Review SCM files and security updates (#60)

- Fixed security-policy.yml: Changed regex from 'https://' to 'http://'
to properly detect insecure URLs (was checking for secure URLs instead)
- Pinned trufflesecurity/trufflehog to v3.88.1 instead of @main
- Pinned editorconfig-checker to @v2 instead of @main

Co-authored-by: Claude <noreply@anthropic.com>

Author: hyperpolymath

.github/workflows/quality.yml

@@ -12,7 +12,7 @@ jobs:
           find . -type f -perm /111 -name "*.sh" | head -10 || true
       
       - name: Check for secrets
-        uses: trufflesecurity/trufflehog@main
+        uses: trufflesecurity/trufflehog@v3.88.1
         with:
           path: ./
           base: ${{ github.event.pull_request.base.sha || github.event.before }}
@@ -29,7 +29,7 @@ jobs:
           find . -type f -size +1M -not -path "./.git/*" | head -10 || echo "No large files"
       
       - name: EditorConfig check
-        uses: editorconfig-checker/action-editorconfig-checker@main
+        uses: editorconfig-checker/action-editorconfig-checker@v2
         continue-on-error: true
 
   docs:

.github/workflows/security-policy.yml

@@ -17,7 +17,7 @@ jobs:
           fi
           
           # Block HTTP URLs (except localhost)
-          HTTP_URLS=$(grep -rE 'https://[^l][^o][^c]' --include="*.py" --include="*.js" --include="*.ts" --include="*.go" --include="*.rs" --include="*.yaml" --include="*.yml" . 2>/dev/null | grep -v 'localhost\|127.0.0.1\|example\|test\|spec' | head -5 || true)
+          HTTP_URLS=$(grep -rE 'http://[^l][^o][^c]' --include="*.py" --include="*.js" --include="*.ts" --include="*.go" --include="*.rs" --include="*.yaml" --include="*.yml" . 2>/dev/null | grep -v 'localhost\|127.0.0.1\|example\|test\|spec' | head -5 || true)
           if [ -n "$HTTP_URLS" ]; then
             echo "⚠️ HTTP URLs found. Use HTTPS:"
             echo "$HTTP_URLS"