feat: introduce Adobe Security Toolkit cursor rules #2007

Open
radhikagpt1208 wants to merge 1 commit into main from feat/adobe-security-rules

@radhikagpt1208
Contributor

Changes Made

Introduces the Adobe Security Toolkit as Cursor rules to enforce secure coding practices across the codebase via AI-assisted development.

  • Added manifest.json to track installed security rule domains and file integrity via SHA-256 checksums
  • Added 17 security-global rules covering: API security, authentication, base principles, dangerous flows, data protection, dependency management, error handling, injection prevention, input validation, MCP usage, output encoding, path traversal prevention, secure configuration, Snyk integration, SQL usage, SSRF prevention, and XXE prevention
  • Added 1 security-lang rule for Node.js-specific secure coding patterns
  • Rules are configured with contextual triggers (e.g., "USE WHEN implementing user authentication") so they activate only when relevant

Related Issue

https://jira.corp.adobe.com/browse/SITES-40686

Resources

https://wiki.corp.adobe.com/display/PASS/Adobe+Developer+Toolkit

Testing the PR changes

  • Open the project in Cursor IDE and verify the .cursor/rules/ folder contains manifest.json, the security-global/ directory (17 .mdc files), and the security-lang/ directory (1 .mdc file).
  • Confirm the manifest.json lists all 18 files with valid SHA-256 hashes and reports "missingFiles": 0.
  • Open a Cursor agent chat and ask it to implement a feature involving user input handling — verify the agent references the input validation or injection prevention rules.
  • Verify the security-global-base.mdc rule is set to alwaysApply: true and the remaining rules use contextual description triggers.
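
An added sketch of the manifest check from the testing steps above (not code from this PR or from the toolkit): it recomputes SHA-256 for every listed rule file and also reports files the manifest does not list. The `files`/`path`/`sha256` manifest fields, the function names and the sample tree are assumptions, since the manifest schema is not shown on this page.

```javascript
// Added example, not code from this PR. Assumed manifest shape (hypothetical):
//   { "files": [ { "path": "<relative path>", "sha256": "<hex digest>" } ] }
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const crypto = require("node:crypto");

const sha256 = (data) => crypto.createHash("sha256").update(data).digest("hex");

// Recursively list files under root as "/"-separated relative paths.
function listFiles(root, rel = "") {
  return fs.readdirSync(path.join(root, rel), { withFileTypes: true }).flatMap((e) => {
    const child = rel ? `${rel}/${e.name}` : e.name;
    return e.isDirectory() ? listFiles(root, child) : [child];
  });
}

function verifyRules(rulesDir, manifestName = "manifest.json") {
  const manifest = JSON.parse(fs.readFileSync(path.join(rulesDir, manifestName), "utf8"));
  const root = path.resolve(rulesDir) + path.sep;
  const result = { ok: [], missing: [], modified: [], rejected: [], unlisted: [] };
  for (const { path: rel, sha256: expected } of manifest.files) {
    const abs = path.resolve(rulesDir, rel);
    // Refuse manifest entries that resolve outside the rules directory.
    if (!abs.startsWith(root)) result.rejected.push(rel);
    else if (!fs.existsSync(abs)) result.missing.push(rel);
    else if (sha256(fs.readFileSync(abs)) !== String(expected).toLowerCase()) result.modified.push(rel);
    else result.ok.push(rel);
  }
  // A rule file absent from the manifest is not covered by any checksum.
  const listed = new Set(manifest.files.map((f) => f.path));
  result.unlisted = listFiles(rulesDir).filter((f) => f !== manifestName && !listed.has(f));
  return result;
}

// Constructed sample tree: one intact rule file, one manifest entry with no file.
function buildSample() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "rules-"));
  fs.mkdirSync(path.join(dir, "security-global"));
  const base = "---\nalwaysApply: true\n---\n";
  fs.writeFileSync(path.join(dir, "security-global", "security-global-base.mdc"), base);
  const files = [
    { path: "security-global/security-global-base.mdc", sha256: sha256(base) },
    { path: "security-global/gone.mdc", sha256: sha256("constructed") },
  ];
  fs.writeFileSync(path.join(dir, "manifest.json"), JSON.stringify({ files }));
  return dir;
}
```

Against a real checkout, `verifyRules(".cursor/rules")` should return empty `missing`, `modified`, `rejected` and `unlisted` arrays if the manifest uses the assumed shape.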

@codecov

codecov bot commented Feb 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!
