Release automation

• Adds dependency scanning for production dependencies
• Adds changesets-gitlab publishing. Due to the nature of the issue fork workflow on Drupal Gitlab we were kind of limited on what we could do here. We need to limit this to protected branches so we can ensure envars are not shared. As a result, we're only using changesets-gitlab in the following contexts: ** The changeset bot will comment on the existence (or lack of) changesets on MRs of canary against main. ** NPM publishing workflow will be triggered when code is merged to main.

In typical CI fashion, we'll need to monitor and possibly tweak this when merged.