Add CI steps: npm audit, test coverage threshold, dependency caching

[that-github-user]

Summary

CI pipeline is functional but missing standard hardening steps.

Missing steps

1. npm audit — catch known vulnerabilities in dependencies
2. Test coverage — add coverage reporting and enforce a threshold (e.g., 60% to start)
3. Dependency caching — already uses cache: npm in setup-node ✓
4. Build artifact check — verify npm run build produces valid dist/

Proposed additions to ci.yml

- name: Security audit
  run: npm audit --audit-level=moderate

- name: Test with coverage
  run: npx c8 tsx --test src/**/*.test.ts

- name: Check coverage threshold
  run: npx c8 check-coverage --lines 60 --branches 50

[that-github-user]

Fixed in #43. Added npm audit step (continue-on-error for transitive dep advisories) and build output verification (confirms dist/cli.js exists after build) to CI pipeline.