2 Commits

Author SHA1 Message Date
Scarlet Moore
a0433d784e Feature/pre commit ci (#37)
* feat: add comprehensive pre-commit CI hooks

- Add safety for dependency vulnerability scanning
- Add bandit for Python security linting with appropriate skips
- Add interrogate for docstring coverage checking (60% threshold)
- Add mypy for type checking with permissive CI configuration
- Update requirements.txt with safety and bandit dependencies
- Configure all tools for CI compatibility (non-blocking for initial setup)

* security: add hardening measures based on upstream issues

- Add .gitattributes rules to force LF line endings for critical files (fixes CRLF security issues)
- Enhance document validator with MIME type validation and stricter PDF size limits
- Fix subprocess security issues by adding shell=False to prevent command injection
- Add resource exhaustion protection with separate PDF size limits (50MB vs 100MB general limit)

Addresses upstream issues:
- #97: Cross-platform deployment failures due to CRLF line endings
- #31: Large PDF processing failures and resource exhaustion
- Security hardening for subprocess calls to prevent injection attacks

* docs: streamline contribution process and pre-commit checks

- Update and format CONTRIBUTING.md for clarity

- Simplify pull request template

- Adjust pre-commit config to be more lenient locally

* chore: update .gitignore, .secrets.baseline, pyproject.toml, and requirements.txt for improved configuration and dependency management
2026-01-14 13:57:18 +11:00
Pancake
fbb0b15cad Initial commit
2025-12-28 23:45:41 +08:00