[Feature] add Checkov or tfsec for Terraform policy checks

## Summary
Add automated static analysis for `terraform/` so common misconfigurations (e.g. missing encryption, unsafe defaults) are caught in CI and locally.

## Motivation
Complements general CI/CD work: this issue is narrowly scoped to **IaC security policy** for the honeypot deployment code.

## Scope
- Choose **Checkov** or **tfsec** (document why in the PR).
- Add minimal config appropriate for a honeypot (document **suppressions** where wide ingress is intentional, with comments).
- Integrate into GitHub Actions (extend existing Terraform workflow or add a job).

## Acceptance criteria
- [ ] Scan runs on PRs that touch `terraform/**`.
- [ ] README: how to run the same scan locally.
- [ ] Intentional honeypot-specific rules are suppressed with inline justification where needed.

## Non-goals
- Replacing full observability stacks (metrics/logging tracked elsewhere).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feature] add Checkov or tfsec for Terraform policy checks #25

Summary

Motivation

Scope

Acceptance criteria

Non-goals

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Feature] add Checkov or tfsec for Terraform policy checks #25

Description

Summary

Motivation

Scope

Acceptance criteria

Non-goals

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions