This pull request introduces important onboarding and security improvements to the repository. The main changes include adding repository-specific onboarding instructions for Copilot coding agents, and incorporating two new GitHub Actions workflows: one for advanced CodeQL code scanning and another for generating SLSA provenance files to enhance supply chain security.

Repository onboarding and documentation:

• Added .github/copilot-instructions.md with detailed guidelines to help Copilot coding agents efficiently understand, build, test, and validate changes in the repository, aiming to reduce build failures and improve agent productivity.

Security and workflow enhancements:

• Introduced .github/workflows/codeql.yml to enable advanced CodeQL code scanning for multiple languages, improving automated detection of security vulnerabilities and code quality issues on push, pull request, and scheduled events.
• Added .github/workflows/generator-generic-ossf-slsa3-publish.yml to automate the generation of SLSA Level 3 provenance files for project artifacts, supporting secure software supply chain practices and artifact verification.

This pull request introduces important onboarding and security enhancements to the repository. It adds detailed Copilot agent onboarding instructions, sets up a CodeQL code scanning workflow for security analysis, and introduces a workflow for generating SLSA provenance to improve supply chain security.

Repository onboarding and documentation:

• Added .github/copilot-instructions.md with comprehensive guidelines for Copilot coding agents, covering repository overview, build/validation steps, project layout, and explicit instructions to reduce agent exploration time.

Security and compliance automation:

• Introduced .github/workflows/codeql.yml to enable automated CodeQL code scanning for 'actions' and 'go' languages on push, pull request, and scheduled events, enhancing code security through continuous analysis.
• Added .github/workflows/generator-generic-ossf-slsa3-publish.yml workflow to generate SLSA level 3 provenance files for release artifacts, improving supply chain integrity and traceability.

This pull request introduces important repository onboarding and security improvements by adding Copilot-specific onboarding instructions and two new GitHub Actions workflows for code analysis and supply chain security. These changes aim to make the repository more accessible to coding agents and to enhance automated security and provenance checks.

Repository onboarding and agent guidance:

• Added .github/copilot-instructions.md with detailed instructions for Copilot coding agents, including repository overview, build and validation steps, project layout, and explicit steps to minimize exploration and errors.

Security and CI/CD enhancements:

• Added .github/workflows/codeql.yml to enable advanced CodeQL analysis for Go and GitHub Actions code, providing automated code scanning for vulnerabilities on pushes, pull requests, and a weekly schedule.
• Added .github/workflows/generator-generic-ossf-slsa3-publish.yml workflow to generate SLSA level 3 provenance files for releases, improving supply chain security and artifact traceability.