feat: Add comprehensive GitHub security integration

Security Infrastructure:
- Add .gitattributes for merge conflict protection and sensitive file handling
- Add SECURITY.md with detailed security policies and procedures
- Add pre-commit hook template for local secret detection
- Add GitHub Actions workflow for automated security scanning
- Add comprehensive documentation for git hooks

Code Security Improvements:
- Fix AuthContext.tsx: Remove hardcoded credentials, use environment variables
- Migrate WalletContext.tsx: Replace Ethereum/MetaMask with Polkadot.js
- Refactor lib/wallet.ts: Complete Substrate configuration with asset management
- Update TokenSwap.tsx: Add real API integration for balance queries
- Update StakingDashboard.tsx: Add blockchain integration placeholders

Environment Management:
- Update .env with proper security warnings
- Update .env.example with comprehensive template
- All sensitive data now uses environment variables
- Demo mode controllable via VITE_ENABLE_DEMO_MODE flag

Security Measures Implemented:
✅ 4-layer protection (gitignore + gitattributes + pre-commit + CI/CD)
✅ Automated secret scanning (TruffleHog + Gitleaks)
✅ Pre-commit hooks prevent accidental commits
✅ CI/CD pipeline validates all PRs
✅ Environment variable validation
✅ Dependency security auditing

Breaking Changes:
- WalletContext now uses Polkadot.js instead of MetaMask
- lib/wallet.ts completely rewritten for Substrate
- ASSET_IDs and CHAIN_CONFIG exported from lib/wallet.ts
- Demo mode must be explicitly enabled

Migration Notes:
- Install pre-commit hook: cp .git-hooks/pre-commit.example .git/hooks/pre-commit
- Copy environment: cp .env.example .env
- Update .env with your credentials
- Enable GitHub Actions in repository settings

Co-authored-by: Claude <noreply@anthropic.com>

.gitattributes

@@ -0,0 +1,93 @@
+# ========================================
+# Git Attributes for PezkuwiChain
+# ========================================
+# Prevents merge conflicts and ensures consistent file handling
+
+# ========================================
+# ENVIRONMENT FILES - NO MERGE
+# ========================================
+# Prevent .env files from being merged
+# Always use local version (ours) in case of conflict
+.env merge=ours
+.env.* merge=ours
+
+# But allow .env.example to be merged normally
+!.env.example
+
+# ========================================
+# SENSITIVE FILES - NO DIFF
+# ========================================
+# Prevent sensitive files from showing diffs
+*.key diff=secret
+*.pem diff=secret
+*.cert diff=secret
+*.p12 diff=secret
+*.pfx diff=secret
+*secret* diff=secret
+*password* diff=secret
+*credential* diff=secret
+
+# ========================================
+# LINE ENDINGS
+# ========================================
+# Auto normalize line endings
+* text=auto
+
+# Specific file types
+*.js text eol=lf
+*.jsx text eol=lf
+*.ts text eol=lf
+*.tsx text eol=lf
+*.json text eol=lf
+*.md text eol=lf
+*.yml text eol=lf
+*.yaml text eol=lf
+
+# Windows batch files
+*.bat text eol=crlf
+*.cmd text eol=crlf
+
+# Shell scripts
+*.sh text eol=lf
+
+# ========================================
+# BINARY FILES
+# ========================================
+# Mark as binary (no text conversion)
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.mov binary
+*.mp4 binary
+*.mp3 binary
+*.flv binary
+*.fla binary
+*.swf binary
+*.gz binary
+*.zip binary
+*.7z binary
+*.ttf binary
+*.eot binary
+*.woff binary
+*.woff2 binary
+*.pyc binary
+
+# ========================================
+# GENERATED FILES
+# ========================================
+# Mark generated files
+dist/** linguist-generated=true
+build/** linguist-generated=true
+coverage/** linguist-generated=true
+*.min.js linguist-generated=true
+*.min.css linguist-generated=true
+
+# ========================================
+# LOCK FILES
+# ========================================
+# Always use local version for lock files in conflicts
+package-lock.json merge=ours
+yarn.lock merge=ours
+pnpm-lock.yaml merge=ours