Move Gitea workflows to repository root

.gitea/workflows/security-scan.yml

@@ -0,0 +1,37 @@
+name: Security Scan
+
+on:
+  schedule:
+    - cron: "0 4 * * 1"
+  workflow_dispatch:
+
+jobs:
+  security-scan:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: opera-cache-cleaner-extension
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check JavaScript syntax
+        run: |
+          node --check background.js
+          node --check popup/popup.js
+
+      - name: Scan for risky patterns
+        shell: bash
+        run: |
+          if grep -RInE 'eval\s*\(|new Function|innerHTML\s*=|insertAdjacentHTML|fetch\s*\(|XMLHttpRequest|chrome\.tabs|chrome\.cookies|chrome\.history' background.js popup manifest.json; then
+            echo "Review the matches above before release."
+            exit 1
+          fi
+
+      - name: Check manifest permissions
+        shell: bash
+        run: |
+          if grep -qE '"(tabs|cookies|history|downloads|<all_urls>)"' manifest.json; then
+            echo "Unexpected broad permission found in manifest.json."
+            exit 1
+          fi