Tighten the web app ESLint scope so TypeScript source is checked
without crawling bundled skill assets, and remove unused markdown and
debounce dependencies.
Clarify the security reporting flow and split code vs content
licensing to reduce ambiguity for users and contributors.
