
Consolidate and improve GitHub Actions workflows #1780

Draft
kmcginnes wants to merge 1 commit into aws:main from kmcginnes:gh-workflow-improvements

Conversation

@kmcginnes
Collaborator

Description

Restructures 4 workflow files into 3 with clearer names and responsibilities:

  • ci.yml: Dependency review, static analysis, and tests as parallel jobs with pnpm caching
  • docker.yml: Build, scan, smoke test, and conditionally push to ECR (single workflow replaces separate PR and publish workflows)
  • security-audit.yml: Daily Trivy scans built from source against both image variants

Key improvements:

  • Static analysis (checks) and tests run in parallel for faster PR feedback
  • Sagemaker variant now gets a server startup smoke test (port 9250)
  • Coverage report uploaded as a 14-day artifact
  • Security audit builds images from source instead of pulling from ECR, ensuring scans always reflect main HEAD
  • Both standard and sagemaker images scanned with os,library scope
  • Docker workflow won't cancel in-progress runs on main (prevents interrupted publishes)

Validation

  • All pnpm checks pass
  • Built sagemaker Docker image locally and confirmed /status responds on port 9250
  • Workflow YAML validated against expected trigger/job structure

Related Issues

  • N/A

Check List

  • I confirm that my contribution is made under the terms of the Apache 2.0 license.
  • I have verified pnpm checks passes with no errors.
  • I have verified pnpm test passes with no failures.
  • I have covered new added functionality with unit tests if necessary.
  • I have updated documentation if necessary.

Restructure 4 workflow files into 3 with clearer responsibilities:
- ci.yml: dependency review, static analysis, and tests as parallel jobs
- docker.yml: build, test, scan, and conditionally push to ECR
- security-audit.yml: daily Trivy scans built from source

Key improvements:
- Split checks and tests into parallel jobs with pnpm caching
- Add sagemaker variant smoke test (server start on port 9250)
- Upload coverage report as artifact
- Build images from source in security audit instead of pulling from ECR
- Scan both standard and sagemaker variants with os,library scope
- Prevent in-progress cancellation on main for Docker pushes
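As an added illustration (not the PR's own docker.yml), one way to express the docker workflow behaviour listed above in a single file: build from source, scan with Trivy at os,library scope, smoke test the sagemaker variant on port 9250, and push to ECR only on main without cancelling in-progress runs there. The `--target` names, the local image tag `app`, and the ECR push step are assumptions; the `/status` endpoint and port 9250 come from the description.

```yaml
# Added example, not the repository's workflow. Variant build targets,
# the "app" image tag and the push step are placeholders.
name: docker

on:
  push:
    branches: [main]
  pull_request:

# Superseded PR runs are cancelled, but a run on main never is, so a
# publish to ECR cannot be interrupted halfway through a push.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

permissions:
  contents: read

jobs:
  build-scan-test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        variant: [standard, sagemaker]   # assumed Dockerfile target names
    steps:
      - uses: actions/checkout@v4

      - name: Build image from source (never pulled from a registry)
        run: docker build --target ${{ matrix.variant }} -t app:${{ matrix.variant }} .

      - name: Trivy scan, OS packages and application libraries
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: app:${{ matrix.variant }}
          vuln-type: os,library
          severity: CRITICAL,HIGH
          exit-code: '1'          # fail the job when findings are present

      - name: Smoke test (sagemaker variant serves /status on 9250)
        if: matrix.variant == 'sagemaker'
        run: |
          cid=$(docker run -d -p 9250:9250 app:sagemaker)
          ok=0
          for i in $(seq 1 30); do
            if curl -fsS http://localhost:9250/status; then ok=1; break; fi
            sleep 2
          done
          [ "$ok" = 1 ] || { docker logs "$cid"; exit 1; }
          docker rm -f "$cid"

      - name: Push to ECR (main only, placeholder step)
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: echo "login to ECR and push app:${{ matrix.variant }} here"
```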