feat: add contributors section to Hall of Fame

[kOaDT]

Description

Display project contributors alongside players on the Hall of Fame page, splitting it into two groups on the same page:

• Players (existing): people who completed all challenges, self-submitted via PR to hall-of-fame/data.json.
• Contributors (new): fetched from the GitHub API at build time. Bots are excluded and the list is sorted by contribution count. No auth token is used, on purpose: a real credential must never live in process.env of a deliberately vulnerable app (file-read / RCE challenges could exfiltrate it). Unauthenticated is enough given the ~1 request/day caused by ISR. The section is hidden if the fetch fails, so the page never breaks.

The "Join the Hall of Fame" CTA stays grouped with the players, and the contributors grid reuses the same hover animation as the player cards for visual consistency.

Also centralizes the repo URL: lib/config now exposes GITHUB_REPO_SLUG and derives GITHUB_REPO from it. All hardcoded repo URLs across the app (Footer, PlayerDashboardClient, FlagChecker, hall-of-fame/page, contact/page, SupportBanner) now import from it (DRY). The duplicated TrophyIcon / GitHubIcon SVGs were extracted to a shared app/hall-of-fame/icons.tsx.

Type of change

• Bug fix
• New feature (e-commerce site improvement)
• New vulnerability / flag
• Walkthrough / writeup
• Documentation update
• Other (please describe):

Testing done

• npx tsc --noEmit passes with no errors.
• Verified contributors are fetched, bots filtered out, and sorted by contribution count.
• Confirmed the contributors section is hidden when the GitHub API is unreachable (graceful fallback).
• Checked layout, dark mode, and hover behavior on the Hall of Fame page (players + contributors).

Checklist

• Documentation updated (if applicable)

If adding a new vulnerability

• Flag added in prisma/seed.ts with format OSS{...}
• Three progressive hints added in prisma/seed.ts
• Vulnerable code path is exploitable and demonstrable
• Reference doc added under content/vulnerabilities/ (concept + fix only — no exploit steps, payloads, or flag value)
• Regression tests added (unit, API, and/or E2E)
• No real-world secrets introduced
• If a walkthrough was also added under docs/src/data/blog/, walkthroughSlug is set on the flag in prisma/seed.ts

[github-actions]

Thank you @kOaDT for contributing once again!

📊 PR overview

Files changed	Additions	Deletions	Size
12	+204	-87	L

📝 Before review

To help maintainers review your changes efficiently, please ensure that:

• The PR description clearly explains what was changed and why
• The PR checklist has been filled out
• All existing tests continue to pass
• New tests have been added for any new functionality

📖 Please review our Contributing Guidelines and Code of Conduct.

✅ Continuous Integration

Two CI workflows will run automatically on this PR:

• Code Quality — linting and formatting checks
• Exploitation Tests — ensures vulnerabilities and flags work as expected

You can follow their progress in the Checks tab.

🤝 A note on collaboration

We value respectful and constructive interactions. Whether you are a contributor or a reviewer, please be patient, kind, and open to feedback.

---

A maintainer will review your changes as soon as possible. If you have any questions, feel free to ask in this thread.

kOaDT