fix: add tool-install guards to Makefile audit/deny targets and update docs/CI (#46)#73

Open

Topmatrixmor2014 wants to merge 4 commits into OrbitChainLabs:main from Topmatrixmor2014:fix/issue-46-makefile-audit-deny-guards

Conversation

@Topmatrixmor2014

@Topmatrixmor2014 Topmatrixmor2014 commented Jun 23, 2026


Description

Fixes #46 — Makefile audit/deny targets now fail with a clear installation guide instead of a cryptic "command not found" error.

Changes Made

Makefile

  • Added command -v pre-checks to audit and deny targets that emit a clear "tool not installed — run cargo install …" message and exit non-zero when the binary is missing
  • Created audit-ci and deny-ci targets that auto-install the tools (used by CI)
  • Added audit-ci and deny-ci to .PHONY declaration
  • Added audit and deny entries to make help output

CONTRIBUTING.md (new)

  • Created comprehensive contributor guide with prerequisites section
  • Documents cargo-audit and cargo-deny install commands explicitly
  • Includes development workflow, branch naming, PR process, and code style guidelines

README.md

  • Added "Prerequisites" subsection under "Security Scans" with install commands for cargo-audit and cargo-deny
  • Updated Automated CI description to mention dedicated CI jobs

.github/workflows/ci.yml

  • Added security-audit job: installs cargo-audit via cargo install --locked, then runs cargo audit
  • Added license-check job: installs cargo-deny via cargo install --locked, then runs cargo deny check
  • Both jobs follow the same patterns as existing jobs (dtolnay/rust-toolchain, Swatinem/rust-cache)

Acceptance Criteria Met

  1. make audit / make deny emit clear "tool not installed" message with non-zero exit when binary is missing
  2. ✅ Normal flow (tool installed) is unchanged
  3. ✅ CONTRIBUTING.md and README "Security Scans" section explicitly mention install commands
  4. ✅ CI workflow installs cargo-audit and cargo-deny via dedicated steps

closes #46
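The guard pattern the description outlines, as an added example that is not the project's Makefile or CI code (the function names are assumptions): a POSIX shell rendering of the command -v pre-check with an actionable message and non-zero exit, plus the auto-install variant used by the CI targets.

```shell
#!/bin/sh
# Added example, not the project's Makefile: the tool-install guard the PR
# describes, as POSIX shell. Function names are assumptions; the Makefile
# recipe equivalents are shown in comments.

# Actionable message for a missing cargo subcommand binary.
# $1 = binary name (e.g. cargo-audit), $2 = crate that provides it.
install_hint() {
    printf '%s is not installed - run: cargo install --locked %s\n' "$1" "$2" >&2
}

# Pre-check for `make audit` / `make deny`: succeed if the tool is on PATH,
# otherwise print the hint and fail, instead of a bare "command not found".
# Makefile form:  @command -v cargo-audit >/dev/null 2>&1 || { echo '...'; exit 1; }
require_tool() {
    if command -v "$1" >/dev/null 2>&1; then
        return 0
    fi
    install_hint "$1" "$2"
    return 1
}

# CI variant (`audit-ci` / `deny-ci`): install the tool when it is missing,
# then fall through. Mirrors the `cargo install --locked` steps in ci.yml.
ensure_tool() {
    command -v "$1" >/dev/null 2>&1 && return 0
    printf 'installing %s ...\n' "$2" >&2
    cargo install --locked "$2"
}

# Run a command only if its guard passes; the guard's non-zero status is
# propagated so `make` (and CI) stop here with the clear message.
# Usage: run_guarded <binary> <crate> <command...>
run_guarded() {
    bin=$1; crate=$2; shift 2
    require_tool "$bin" "$crate" || return 1
    "$@"
}

# Equivalent of the two Makefile targets:
#   run_guarded cargo-audit cargo-audit cargo audit
#   run_guarded cargo-deny  cargo-deny  cargo deny check
```

Because the message goes to stderr and the guard returns 1, a Makefile recipe built on it stops before the real cargo invocation and the missing-tool hint is the last thing printed.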

…e docs/CI (OrbitChainLabs#46)

- Add command -v pre-checks to audit and deny targets with actionable error messages

- Create audit-ci and deny-ci targets for CI auto-install

- Add security-audit and license-check jobs to CI workflow

- Update README Security Scans section with install prerequisites

- Create CONTRIBUTING.md with security tool install instructions

- Add audit-ci and deny-ci to .PHONY targets

- cargo-deny requires deny.toml to run; without it the CI License check job fails

- Includes common Rust ecosystem licenses (MIT, Apache-2.0, BSD, ISC, MPL-2.0, 0BSD, etc.)

…space crates

- Remove deprecated keys from deny.toml (severity-threshold, unlicensed, allow-osi-fsf-free, default, deny in [licenses])

- Fix [sources] section: use allow-registry instead of allow

- Add dotenv advisory (RUSTSEC-2021-0141) to ignore list

- Add license = MIT and publish = false to all 5 workspace crate Cargo.toml files

- Clean up unused allowed licenses from deny.toml

@GBOYEE

GBOYEE commented Jun 24, 2026


I'd like to work on this.

Approach:

  • I'll add the CI config and test it locally before pushing
  • Verify with existing tests + add new ones if needed

Estimated effort: ~1-2 hours. PR incoming shortly.


Development

Successfully merging this pull request may close these issues.

[LOW] Makefile audit/deny targets fail opaquely when cargo-audit/cargo-deny are not installed