
@Scarmonit

This PR adds a comprehensive CI/CD workflow for the Tampermonkey repository:

  • Build job: Validates repository structure, checks shell scripts, lints manifest files, and archives build artifacts
  • Validate job: Checks file permissions, scans for common issues, validates i18n structure
  • Security-scan job: Runs basic security checks and verifies no malicious patterns

All workflow runs have been tested and pass successfully. This will enable automated testing and validation for future PRs and commits.

This workflow sets up CI for the repository, including build, validation, and security checks.
Patch: CI/workflow automation fixes for Tampermonkey extension
Copilot AI review requested due to automatic review settings November 3, 2025 09:49

Copilot AI left a comment

Pull Request Overview

This PR introduces a CI/CD pipeline for automated builds and validation. The workflow implements multi-stage testing to validate repository structure, shell scripts, and manifest files while performing basic security checks.

  • Adds a GitHub Actions workflow with build, validation, and security scanning jobs
  • Implements validation for JSON manifest files and shell script syntax
  • Sets up basic security scanning to detect sensitive data patterns and potentially unsafe commands


run: |
echo "Running basic security validation..."
echo "Checking for sensitive patterns..."
! grep -r "password\|secret\|api_key" --include="*.sh" --include="*.json" . || echo "Warning: Potential sensitive data found"
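Review bot: as written, this step can never fail. When grep finds a hit, `!` turns its 0 into 1, `||` then runs the echo, and the echo's 0 becomes the step status; when grep finds nothing, `!` already yields 0. The only signal is a log line that nothing gates on. Decide which behaviour is wanted and write it explicitly: `! grep -r "password\|secret\|api_key" --include="*.sh" --include="*.json" .` to fail the job on a hit, or `grep -r ... && echo "Warning: Potential sensitive data found" || true` to warn only. The pattern is also a case-sensitive substring match, so `API_KEY=` and `Password:` slip through while a path or comment containing `secrets` trips it; adding `-i` and `-w` narrows that, and a dedicated secret scanner (gitleaks or trufflehog) is a better gate than a three-word grep.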

Copilot AI Nov 3, 2025

The negation operator ! with || creates incorrect logic. If grep finds matches (exit code 0), ! inverts it to failure (exit code 1), triggering the warning. If no matches are found (exit code 1), ! inverts to success (exit code 0), and the warning isn't shown. This is backwards - the warning appears when sensitive data is found (correct) but the step fails. Remove ! and use && instead: grep -r ... || echo 'No sensitive patterns found' to log findings without failing, or keep ! without || to fail the job when patterns are detected.

Suggested change
! grep -r "password\|secret\|api_key" --include="*.sh" --include="*.json" . || echo "Warning: Potential sensitive data found"
! grep -r "password\|secret\|api_key" --include="*.sh" --include="*.json" .

- name: Verify no malicious patterns
run: |
echo "Checking for suspicious commands..."
! grep -r "eval\|exec" --include="*.sh" . || echo "Warning: Found eval/exec usage - review carefully"
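Review bot: `grep -r "eval\|exec"` is an unanchored substring match, so `execute`, `executable` and `evaluate` in a comment or variable name all trigger the warning, and the step still exits 0 for the same `! ... ||` reason as the previous step. Use `grep -rw "eval\|exec" --include="*.sh" .` to match the builtins only, then pick one semantics: drop the `|| echo` to fail on a hit, or write `grep ... && echo "Warning: Found eval/exec usage - review carefully" || true` to warn only. Since `exec "$@"` is a legitimate idiom in wrapper scripts, a hit here probably warrants a human look rather than an automatic failure.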

Copilot AI Nov 3, 2025

Same logic error as line 96. The ! with || combination causes the step to fail when eval/exec is found (which may be intentional) but the logic is confusing. Consider either: (1) grep -r ... && echo 'Warning: ...' || true to warn without failing, or (2) ! grep -r ... without the || echo to fail the job when patterns are found. The current implementation mixes both approaches inconsistently.

Suggested change
! grep -r "eval\|exec" --include="*.sh" . || echo "Warning: Found eval/exec usage - review carefully"
! grep -r "eval\|exec" --include="*.sh" .

Comment on lines +43 to +46
cat build_sys/manifest.json.google.com | python3 -m json.tool > /dev/null && echo "manifest.json.google.com is valid JSON"
fi
if [ -f build_sys/manifest.json.legacy.com ]; then
cat build_sys/manifest.json.legacy.com | python3 -m json.tool > /dev/null && echo "manifest.json.legacy.com is valid JSON"
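Review bot: a malformed manifest does not fail this step. In `cat file | python3 -m json.tool > /dev/null && echo ...` a rejection by json.tool only skips the echo; the failing left-hand side of `&&` is exempt from bash's `-e`, and whatever runs after the `fi` sets the step's final status, so the job ends green with the "is valid JSON" line merely missing from the log. Make the rejection explicit, which also removes the `cat`: `python3 -m json.tool < build_sys/manifest.json.google.com > /dev/null || { echo "manifest.json.google.com is not valid JSON" >&2; exit 1; }`, and the same for `manifest.json.legacy.com`.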

Copilot AI Nov 3, 2025

Useless use of cat. Use input redirection instead: python3 -m json.tool < build_sys/manifest.json.google.com > /dev/null && echo ... This avoids an unnecessary process and follows shell best practices.

Suggested change
cat build_sys/manifest.json.google.com | python3 -m json.tool > /dev/null && echo "manifest.json.google.com is valid JSON"
fi
if [ -f build_sys/manifest.json.legacy.com ]; then
cat build_sys/manifest.json.legacy.com | python3 -m json.tool > /dev/null && echo "manifest.json.legacy.com is valid JSON"
python3 -m json.tool < build_sys/manifest.json.google.com > /dev/null && echo "manifest.json.google.com is valid JSON"
fi
if [ -f build_sys/manifest.json.legacy.com ]; then
python3 -m json.tool < build_sys/manifest.json.legacy.com > /dev/null && echo "manifest.json.legacy.com is valid JSON"

cat build_sys/manifest.json.google.com | python3 -m json.tool > /dev/null && echo "manifest.json.google.com is valid JSON"
fi
if [ -f build_sys/manifest.json.legacy.com ]; then
cat build_sys/manifest.json.legacy.com | python3 -m json.tool > /dev/null && echo "manifest.json.legacy.com is valid JSON"

Copilot AI Nov 3, 2025

Useless use of cat. Use input redirection instead: python3 -m json.tool < build_sys/manifest.json.legacy.com > /dev/null && echo ... This avoids an unnecessary process and follows shell best practices.

Suggested change
cat build_sys/manifest.json.legacy.com | python3 -m json.tool > /dev/null && echo "manifest.json.legacy.com is valid JSON"
python3 -m json.tool < build_sys/manifest.json.legacy.com > /dev/null && echo "manifest.json.legacy.com is valid JSON"

Copilot uses AI. Check for mistakes.
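The review comments above reason about what `!`, `||` and `&&` do to a step's exit status under `set -e`, but none of them show it. The script below is an added example, not code from the PR or the Tampermonkey project: it runs the sensitive-pattern scan, the eval/exec scan and the manifest check in a child shell started with `-e` (GitHub Actions runs Linux `run:` steps under `bash -e`) against a constructed fixture tree and reports the status a CI step would get. The function names (`make_fixture`, `ci_step`, `scan_exit`, `pattern_hits`, `manifest_exit`), the fixture file names and their contents are all invented for the example; the workflow's GNU-only `\|` alternation is written as `grep -E "a|b"` so the script also runs under dash.

```shell
#!/bin/sh
# Added example; not code from the PR or the Tampermonkey project.
# Reproduces the exit status a CI step reports for the grep steps and the
# manifest check reviewed above when run under `set -e` (bash -e on GitHub
# Actions). Plain POSIX sh; fixture file names and contents are constructed.

# Build a throwaway tree standing in for the repository checkout.
make_fixture() {
  dir=$(mktemp -d)
  mkdir -p "$dir/build_sys"
  # trips the sensitive-pattern scan
  printf 'db_password=changeme\n' > "$dir/deploy.sh"
  # clean, but "executable" contains the substring "exec"
  printf 'chmod +x "$out" # build output is executable\n' > "$dir/build.sh"
  printf '{"name": "tampermonkey", "manifest_version": 3}\n' > "$dir/build_sys/manifest.json"
  echo "$dir"
}

# Run SCRIPT in a child shell started with -e, as a CI step would, with the
# remaining arguments available as $1 $2 ... inside it. Prints the step's
# exit status and never fails itself, so callers under errexit are safe.
ci_step() {
  script=$1; shift
  rc=0
  sh -e -c "$script" ci-step "$@" >/dev/null 2>&1 || rc=$?
  echo "$rc"
}

# Sensitive-pattern scan in three forms. Inside the child script $1 is the
# repo dir and $2 the pattern. Usage: scan_exit original|fail|warn DIR
scan_exit() {
  case $1 in
    # as in the PR: the echo after || succeeds, so the step is always green
    original) s='! grep -rqE "$2" "$1" || echo "Warning: Potential sensitive data found"' ;;
    # Copilot's suggestion: ! is exempt from -e, but it is the last command,
    # so its inverted status (1 on a hit) becomes the step status
    fail)     s='! grep -rqE "$2" "$1"' ;;
    # warn-only, stated explicitly
    warn)     s='grep -rqE "$2" "$1" && echo "Warning: review $2 usage" || true' ;;
    *)        echo "unknown variant $1" >&2; return 2 ;;
  esac
  ci_step "$s" "$2" 'password|secret|api_key'
}

# Count lines under DIR matching PATTERN as a substring (the PR's
# `grep -r "eval\|exec"`) or as a whole word (-w).
# Usage: pattern_hits substring|word PATTERN DIR
pattern_hits() {
  w=''
  [ "$1" = word ] && w='-w'
  { grep -rhE $w "$2" "$3" || true; } | wc -l | tr -d ' '
}

# Manifest check as in the PR versus a form that actually fails the step.
# Inside the child script $1 is the repo dir and $2 the validator command.
# Usage: manifest_exit original|fail DIR 'python3 -m json.tool'
manifest_exit() {
  case $1 in
    # as in the PR: the validator's failure sits on the left of &&, which -e
    # ignores; the echo is skipped and the lines after fi decide the status
    original) s='if [ -f "$1/build_sys/manifest.json" ]; then
                   cat "$1/build_sys/manifest.json" | $2 > /dev/null && echo "manifest.json is valid JSON"
                 fi
                 echo "validation finished"' ;;
    # hardened: redirect instead of cat, exit 1 when the parser rejects the file
    fail)     s='if [ -f "$1/build_sys/manifest.json" ]; then
                   $2 < "$1/build_sys/manifest.json" > /dev/null || { echo "manifest.json is not valid JSON" >&2; exit 1; }
                   echo "manifest.json is valid JSON"
                 fi
                 echo "validation finished"' ;;
    *)        echo "unknown variant $1" >&2; return 2 ;;
  esac
  ci_step "$s" "$2" "$3"
}
```

With the fixture as built, `scan_exit original` and `scan_exit warn` both print 0 while `scan_exit fail` prints 1, which is the whole point of the review comments above; `pattern_hits substring 'eval|exec'` reports the "executable" line that `pattern_hits word` correctly ignores; and after overwriting `build_sys/manifest.json` with truncated JSON, `manifest_exit original` still prints 0 while `manifest_exit fail` prints 1. Source the file and call the functions, or paste one of the child scripts into a `run:` block to get the same behaviour in the workflow.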