
feat: security hardening with strict CSP, dependabot, and audit pipelines #218

Merged: Nanle-code merged 2 commits into Nanle-code:master from Adedayo-Data:task/security-hardening-csp-dependabot on May 29, 2026

Conversation

@Adedayo-Data
Contributor

Description

Closes #189. Implements a multi-layered frontend security and compliance defensive strategy across the deployment infrastructure, application runtime metadata, and continuous integration guardrails.

Changes Implemented

  • Infrastructure Hardening: Refactored nginx.conf to enforce a strict production Content Security Policy (CSP), stripping out 'unsafe-inline' overrides and chaining connect-src strictly to *.stellar.org and api.coingecko.com. Enforced upgrade-insecure-requests.
  • Runtime Syncing: Updated src/utils/security.js and src/components/SecurityHeaders.jsx to synchronize the app-level client hydration meta fields with the new server proxy rules, defaulting to strict nonces.
  • Automated Dependency Guardrails: Provisioned .github/dependabot.yml for daily package tracking and initialized a .github/workflows/dependency-check.yml audit pipeline that forces hard workflow break-failures on any un-waived High or Critical vulnerability alerts.
  • Threat Modeling: Composed a root-level SECURITY.md establishing an explicit Threat Model Matrix mapping frontend exploit vectors (XSS, Clickjacking, Exfiltration) to operational system countermeasures.

Verification Plan

  • Validated Nginx configuration schema consistency.
  • Verified local pipeline script execution against standard repository packages.
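As an added example that is not part of this PR or the project's code: a small JavaScript linter that parses a Content-Security-Policy header and checks it against the hardening goals listed above (no 'unsafe-inline', nonce-based script-src, connect-src limited to the named hosts, upgrade-insecure-requests present). The allowed connect-src hosts come from the description; the two sample policies and the nonce value are constructed.

```javascript
// Added example, not from the PR. Lints a CSP header against the goals the
// description lists. Allowed connect-src hosts are taken from the description;
// the sample policies and nonce value are constructed for illustration.

const ALLOWED_CONNECT = new Set(["'self'", "*.stellar.org", "api.coingecko.com"]);

// Parse "dir a b; dir2 c" into a Map of directive name -> source expressions.
// A directive with no sources (e.g. upgrade-insecure-requests) maps to [].
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Return a list of findings; an empty list means the policy meets the goals.
function lintCsp(header) {
  const p = parseCsp(header);
  const findings = [];
  // script-src and style-src fall back to default-src when absent.
  for (const dir of ["script-src", "style-src"]) {
    const src = p.get(dir) ?? p.get("default-src") ?? [];
    if (src.includes("'unsafe-inline'")) findings.push(`${dir} allows 'unsafe-inline'`);
  }
  const script = p.get("script-src") ?? [];
  if (!script.some((s) => s.startsWith("'nonce-"))) findings.push("script-src has no nonce source");
  const connect = p.get("connect-src");
  if (!connect) findings.push("connect-src is not set");
  else for (const s of connect) if (!ALLOWED_CONNECT.has(s)) findings.push(`connect-src allows unexpected origin ${s}`);
  if (!p.has("upgrade-insecure-requests")) findings.push("upgrade-insecure-requests is missing");
  return findings;
}

// Constructed sample policies: a permissive one and the hardened form.
const WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src *";
const STRICT_CSP =
  "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; style-src 'self' 'nonce-r4nd0m'; " +
  "connect-src 'self' *.stellar.org api.coingecko.com; upgrade-insecure-requests";

console.log("weak:", lintCsp(WEAK_CSP));     // four findings
console.log("strict:", lintCsp(STRICT_CSP)); // []
```

The nonce in a real deployment must be freshly generated per response and injected into both the header and the matching script/style tags.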

@vercel

vercel Bot commented May 28, 2026

@Adedayo-Data is attempting to deploy a commit to the nanle-code's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave

drips-wave Bot commented May 28, 2026

@Adedayo-Data Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀


@Nanle-code
Owner

@Adedayo-Data please review conflicts

Nanle-code merged commit 801fa9a into Nanle-code:master on May 29, 2026
1 check failed


Development

Successfully merging this pull request may close these issues.

Security hardening: CSP nonces, SRI, and dependency audit automation

2 participants