ci: add dependency audit step and CODEOWNERS

- Add pnpm audit --audit-level=high to CI guardrails job so vulnerable
  packages are caught before merge, not just in nightly scans
- Add CODEOWNERS for review routing on infra, schema, and auth changes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/CODEOWNERS

@@ -0,0 +1,14 @@
+# Global fallback — all changes require review
+* @hartmut
+
+# Infrastructure
+.github/ @hartmut
+tooling/ @hartmut
+docker-compose*.yml @hartmut
+
+# Database schema
+packages/db/prisma/ @hartmut
+
+# Auth & security
+packages/api/src/router/auth.ts @hartmut
+packages/api/src/middleware/ @hartmut

.github/workflows/ci.yml

@@ -46,6 +46,9 @@ jobs:
       - name: Check workspace imports
         run: pnpm check:imports
 
+      - name: Security audit (high+ severity)
+        run: pnpm audit --audit-level=high
+
   # ──────────────────────────────────────────────
   # Typecheck — ~40s, no services needed
   # ──────────────────────────────────────────────