9e2914a72d
CI workflows: 3 (sast/dependency-check/trivy), unchanged from Audit #2. gitleaks delta (9e175a1..HEAD): 0 leaks / 18 commits. gitleaks full history: 0 leaks / 426 commits. gitleaks no-git app/: 1847 matches all in gitignored vendor/ + phpstan-cache; P2: GITHUB_TOKEN env var captured in gitignored nette DI container cache (not in git history, mitigations in place); P3: generic-api-key FPs in phpstan.phar / cache suggest gitleaks.toml. cspell-words.txt +3: nette, phar, serialises. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>