ci: add dependency audits and miri

[dev-jodee]

Summary

• add Security workflow with cargo audit, pnpm audit --ignore-unfixable, and Miri
• reuse the shared setup action with optional Rust, pnpm, and just setup controls
• move Cargo and npm Dependabot schedules to weekly
• pin ws@^8.0.0 to 8.20.1 to clear the fixable npm advisory

Test Plan

• git diff --check
• pnpm -w run generate-ts-client && pnpm --filter @solana/subscriptions build && pnpm --filter webapp build
• pnpm audit --ignore-unfixable
• cargo audit --no-fetch
• push hook: format and lint passed
• PR checks: GitHub Actions and Vercel passed

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
solana-subscriptions-program	Ready	Preview, Comment	May 21, 2026 2:33pm

[github-actions]

Compute Unit Report

Instruction	Samples	Min CUs	Max CUs	Avg CUs	Est Cost (Low) [SOL]	Est Cost (Med) [SOL]	Est Cost (High) [SOL]
cancel_subscription	11	1721	2031	1916	0.000005000	0.000005076	0.000005958
close_subscription_authority	7	1804	1834	1808	0.000005000	0.000005072	0.000005904
create_fixed_delegation	38	3510	12515	5001	0.000005001	0.000005200	0.000007500
create_plan	84	3435	13948	5329	0.000005001	0.000005213	0.000007664
create_recurring_delegation	27	3539	17039	5207	0.000005001	0.000005208	0.000007603
delete_plan	8	361	361	361	0.000005000	0.000005014	0.000005180
init_subscription_authority	142	4774	25728	8933	0.000005002	0.000005357	0.000009466
revoke_delegation	19	256	520	354	0.000005000	0.000005014	0.000005177
subscribe	21	6476	23000	9272	0.000005002	0.000005370	0.000009636
transfer_fixed	6	5210	11213	6962	0.000005002	0.000005278	0.000008481
transfer_recurring	17	5325	9918	6769	0.000005002	0.000005270	0.000008384
transfer_subscription	10	5573	14573	8878	0.000005002	0.000005355	0.000009439
update_plan	21	423	502	475	0.000005000	0.000005019	0.000005237

Generated: 2026-05-21