Tidy Up CI Workflows

[AuraMindNest]

Problem

The CI workflow files were disorganised: lint and test jobs lived in the same file under a misleading name, workflow filenames did not reflect their purpose, and there was no automated dependency-update mechanism. This made it hard to reason about CI at a glance and left dependency hygiene entirely manual.

Acceptance Criteria

• A dedicated ci-lint.yml workflow exists that runs pre-commit checks (ruff, reuse, etc.) independently of the test suite
• A dedicated ci-test.yml workflow exists that runs only the test-and-coverage job
• build-and-check.yml is renamed to ci-package.yml so its purpose is clear from the filename
• dep-audit.yml is renamed to ci-dependencies.yml for naming consistency
• dependabot.yml is present and configures automated weekly PRs for uv (Python), github-actions, and pre-commit ecosystems
• Dependabot groups patch/minor uv bumps together and major bumps separately to reduce PR noise
• All four CI workflow files follow the ci-<purpose>.yml naming convention

Implementation Notes

• The lint job extracted into ci-lint.yml is identical to what was previously embedded in lint-and-format.yml; the old file is repurposed as ci-test.yml with the lint job block deleted and the workflow name updated to "Tests and coverage"
• Dependabot's uv ecosystem does not yet support dependency-type-based groups (see dependabot/dependabot-core#13202), so groups are defined by semver bump size (patch/minor vs major) as a workaround
• All action references use pinned commit SHAs (not floating tags) to prevent supply-chain attacks; the SHA comments document the human-readable version

References

• `.github/workflows/