
[plan] Add gosec scan duration monitoring to CI workflows #12186

@github-actions

Description


Objective

Add timing instrumentation to gosec security scans in GitHub Actions to track performance and detect regressions.

Context

From discussion #12003: gosec v2.22.11 includes performance optimizations (5-15% faster). We should track scan duration to verify improvements and detect future regressions.

Approach

  1. Add timing to the .github/workflows/security.yml gosec job. The step needs an `id` so its output can be referenced by later steps, and gosec's exit code is captured so the duration is still recorded (and the original status still fails the step) when the scan reports findings:

```yaml
- name: Run gosec security scan
  id: gosec
  run: |
    START_TIME=$(date +%s)
    # Capture the exit code instead of letting the shell's -e abort the step,
    # so the timing lines below always run; the status is re-raised at the end.
    GOSEC_EXIT=0
    gosec -fmt=sarif -out=results.sarif ./... || GOSEC_EXIT=$?
    END_TIME=$(date +%s)
    DURATION=$((END_TIME - START_TIME))
    echo "Gosec scan completed in ${DURATION}s (exit code ${GOSEC_EXIT})"
    echo "gosec_duration=${DURATION}" >> "$GITHUB_OUTPUT"
    exit "$GOSEC_EXIT"
```

  2. Add performance reporting step to log duration
  3. Consider adding duration to job summary for visibility
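The three steps above (timing, reporting the duration as a step output, and surfacing it in the job summary) can be folded into one reusable wrapper. The script below is an added example, not code from the issue or the project's workflow: `timed_scan`, `summary_header` and `check_regression` are assumed names, the 25% tolerance and 10s baseline in the demo are constructed values, and the wrapper writes to `$GITHUB_OUTPUT` and `$GITHUB_STEP_SUMMARY` only when those files exist, so it also runs locally. It goes one step beyond the issue by adding a baseline comparison, which is how the "detect regressions" goal would actually be enforced rather than just observed.

```shell
#!/usr/bin/env bash
# Added example, not part of the issue or the project's workflow.
# Timing wrapper for a scan step plus a simple baseline regression check.
# Assumed names: timed_scan, summary_header, check_regression.

# timed_scan LABEL COMMAND [ARGS...]
# Runs COMMAND, measures wall-clock seconds, and records the result as an
# Actions step output ($GITHUB_OUTPUT) and a job-summary table row
# ($GITHUB_STEP_SUMMARY) when those files are present. The command's own
# exit code is preserved, so a failing scan still fails the step, but the
# duration is recorded either way.
timed_scan() {
  local label=$1; shift
  local start end duration rc=0
  start=$(date +%s)
  "$@" || rc=$?
  end=$(date +%s)
  duration=$((end - start))
  echo "${label} completed in ${duration}s (exit code ${rc})"
  if [ -n "${GITHUB_OUTPUT:-}" ]; then
    printf '%s_duration=%s\n%s_exit_code=%s\n' \
      "$label" "$duration" "$label" "$rc" >> "$GITHUB_OUTPUT"
  fi
  if [ -n "${GITHUB_STEP_SUMMARY:-}" ]; then
    # One Markdown table row; the header is written once by summary_header.
    printf '| %s | %ss | %s |\n' "$label" "$duration" "$rc" >> "$GITHUB_STEP_SUMMARY"
  fi
  return "$rc"
}

# summary_header: writes the job-summary table header (call once per job).
summary_header() {
  if [ -n "${GITHUB_STEP_SUMMARY:-}" ]; then
    printf '| Scan | Duration | Exit code |\n|---|---|---|\n' >> "$GITHUB_STEP_SUMMARY"
  fi
}

# check_regression DURATION BASELINE TOLERANCE_PCT
# Returns 0 when DURATION <= BASELINE * (1 + TOLERANCE_PCT/100), 1 otherwise.
# Integer arithmetic only, so it behaves the same in any POSIX shell.
check_regression() {
  local duration=$1 baseline=$2 tolerance=$3
  if [ $((duration * 100)) -le $((baseline * (100 + tolerance))) ]; then
    echo "ok: ${duration}s is within ${tolerance}% of the ${baseline}s baseline"
    return 0
  fi
  echo "regression: ${duration}s exceeds the ${baseline}s baseline by more than ${tolerance}%" >&2
  return 1
}

# Demo with a constructed stand-in for the scan (run as: ./scan-timing.sh demo).
# In the workflow the call would be: timed_scan gosec gosec -fmt=sarif -out=results.sarif ./...
if [ "${1:-}" = "demo" ]; then
  summary_header
  timed_scan demo sleep 1
  check_regression 12 10 25
fi
```

In a workflow the baseline would be stored alongside the job (for example as a workflow variable once the "baseline measurement documented" criterion is met) and the `gosec_duration` output fed into `check_regression` in a follow-up step; keeping the check non-blocking at first avoids turning a monitoring change into a flaky gate.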

Files to Modify

  • Update: .github/workflows/security.yml

Acceptance Criteria

  • Scan duration is logged in workflow output
  • Duration is visible in job summary
  • Baseline measurement documented
  • No impact on scan functionality

Priority

LOW - Monitoring enhancement

Estimated Effort

15-20 minutes

AI generated by Plan Command for discussion #12003
