chore: guard audit and deny tooling

[dangelo352]

Closes #46

Summary

• Add clear preflight checks to make audit and make deny for missing cargo-audit / cargo-deny.
• Document the install commands in README and a new contributor guide.
• Add CI jobs that install cargo-audit and cargo-deny before running the Makefile targets.
• Include audit/deny in make help.

Validation

• git diff --check
• Parsed .github/workflows/ci.yml with Ruby YAML loader
• Verified missing-tool behavior locally:
  • make audit prints cargo-audit not installed. Run 'cargo install cargo-audit --locked' then retry. and exits non-zero
  • make deny prints cargo-deny not installed. Run 'cargo install cargo-deny --locked' then retry. and exits non-zero

I did not run the positive audit/deny paths because cargo-audit and cargo-deny are intentionally not installed in this local environment; CI now installs them before running those checks.

[Alqku]

Hi @dangelo352 👋 — appreciate the audit/deny tooling hardening on #46. Two things block the merge here: (1) issue #46 isn't currently assigned to anyone, so I can't merge under our contributor-matches-assignee policy; (2) the Dependency policy CI check is failing (likely a fresh cargo deny advisory). Please ping a maintainer to assign #46 to you, fix the deny warning(s), and push. Happy to merge once both are sorted 🙏

[GBOYEE]

I'd like to work on this.

Approach:

• I'll add the CI config and test it locally before pushing
• Verify with existing tests + add new ones if needed

Estimated effort: ~1-2 hours. PR incoming shortly.