ci: add QC Preflight check workflow and Dependabot file

[njjetha]

Summary

Added workflow file to run automated Qualcomm preflight checks on every PR and push to main. This workflow enforces project quality and compliance standards by running:

Semgrep scan – static code analysis for security/bug patterns
Dependency review – flags vulnerable or license-incompatible dependencies
Repolinter check – validates repo structure against project standards
Copyright/license check – ensures all files have proper license headers
Commit email check – verifies commits are made with approved email addresses
Commit Message Check - Ensures commit messages follow standards (optional) default set to enable-commit-msg-check: false
ARMOR Compatibility Checkers - Ensures source code follows API and ABI backward compatibility (optional) default set to enable-armor-checkers: false

These checks help maintain code quality, security, and open-source compliance across contributions.

Dependabot configuration file is added to enable automated dependency updates for GitHub Actions workflows used in this repository.
For more information please check repo qcom-reusable-workflow

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.