Add mcp-safety-scanner CI (baseline) #3

Workflow file for this run

name: MCP Safety Scan
on:
  push:
    branches:
      - main
    paths:
      - "src/**"
      - ".github/workflows/mcp-safety-scan.yml"
      - ".mcp-safety-baseline.json"
  pull_request:
    paths:
      - "src/**"
      - ".github/workflows/mcp-safety-scan.yml"
      - ".mcp-safety-baseline.json"
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: 20
      # Pin the action version for supply-chain safety.
      - uses: TheodorNEngoy/mcp-safety-scanner@dcf124b4f97aa893867ced9028264a298e2b4292 # v0.3.5
        with:
          path: src
          baseline: .mcp-safety-baseline.json
          fail-on: high
          format: github