chore(community): add contributing infra, issue/PR templates, npm publish workflow

Tier A infrastructure to convert 204★ momentum into durable community and
distribution. Pairs with PR #12 (ETHICS / CHANGELOG / fidelity smoke) — merge
PR #12 first, then this.

**Community docs**
- `CONTRIBUTING.md` — three-tier contribution flow (code vs docs vs master
  content), with a detailed §3 "how to contribute a new master" covering
  copyright tier self-check, `/create-master` vs manual path, SKILL.md
  frontmatter spec, voice.md Layer 0-3, fidelity.jsonl authoring.
- `CODE_OF_CONDUCT.md` — Contributor Covenant 2.1 + Buddhist-project-specific
  rules (no doctrinal supremacy, no using the repo as a dharma platform, no
  impersonating clergy, no apocryphal scripture citations).
- `SECURITY.md` — threat model (prompt injection, supply chain, secret leak,
  installer safety, religious-boundary adversarial input), SLA table, GH
  Security Advisory as primary channel.

**Issue / PR templates**
- `bug_report.yml` — area selector, master selector, repro template.
- `feature_request.yml` — non-master enhancement requests.
- `new_master.yml` — **MUST precede any new-master PR**; forces tier A/B/D
  self-judgment and citation planning before sunk cost.
- `boundary_violation.yml` — P0 template for ETHICS.md §3 violations.
- `config.yml` — directs users to Discussions for chatter, Security Advisory
  for vulnerabilities, email for urgent takedowns.
- `PULL_REQUEST_TEMPLATE.md` — change-type checkboxes, self-check list, new-
  master fields, local-test block.

**npm publish**
- `.github/workflows/npm-publish.yml` — release-tag + workflow_dispatch, with
  dry-run mode, tag-version match check, `npm publish --provenance`.
  First-time publish needs NPM_TOKEN secret (user action).
- `package.json` hardening:
  - `engines.node: >=18`
  - scripts: `validate`, `validate:fidelity`, `test`, `test:smoke`, `prepack`
  - `publishConfig` (public, npm registry)
  - `files` list expanded to include platform manifests + governance docs
  - richer `keywords`, `author`, `bugs`, `homepage` fields
  - expanded description mentions all 8 masters for search discoverability

**README**
- 贡献指南 section rewritten to point at CONTRIBUTING.md + Discussions +
  four issue templates, with "先开 New Master issue 征询" gate spelled out.

Discussions were enabled on the repo alongside this commit via `gh api`, so
the links in README/templates resolve immediately on merge.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,60 @@
+name: ✨ Feature Request
+description: 提议新功能、改进、工具链增强（非法师内容类）
+title: "[Feature] "
+labels: ["enhancement", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **先确认：**
+        - [ ] 这不是「增加一位新法师」请求（请改用 [New Master 模板](./new?template=new_master.yml)）
+        - [ ] 已搜索现有 [issues](https://github.com/xr843/Master-skill/issues?q=is%3Aissue) 与 [discussions](https://github.com/xr843/Master-skill/discussions) 无重复
+
+  - type: dropdown
+    id: area
+    attributes:
+      label: 影响范围
+      options:
+        - CI / 测试工具
+        - scripts / tools
+        - bin/cli.mjs (NPX installer)
+        - hooks (Claude Code / Cursor / Codex / OpenCode / Gemini)
+        - 新平台支持（cline / aider / openhands / ...）
+        - 文档 / 翻译
+        - /compare-masters
+        - /create-master 生成管线
+        - 其它
+    validations:
+      required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: 要解决的问题
+      description: 你遇到的什么场景让你需要这个功能？
+      placeholder: "例如：在 Gemini CLI 环境里调用 /yinguang 时 hooks 没有触发，session-start 注入失败..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposal
+    attributes:
+      label: 建议方案
+      description: 你认为可以怎么做？可以是粗略想法。
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: 考虑过的替代方案
+    validations:
+      required: false
+
+  - type: textarea
+    id: volunteer
+    attributes:
+      label: 是否愿意贡献 PR？
+      description: 可选。如果你愿意动手，维护者会优先 review。
+    validations:
+      required: false