chore(community): add contributing infra, issue/PR templates, npm publish workflow

Tier A infrastructure to convert 204★ momentum into durable community and
distribution. Pairs with PR #12 (ETHICS / CHANGELOG / fidelity smoke) — merge
PR #12 first, then this.

**Community docs**
- `CONTRIBUTING.md` — three-tier contribution flow (code vs docs vs master
  content), with a detailed §3 "how to contribute a new master" covering
  copyright tier self-check, `/create-master` vs manual path, SKILL.md
  frontmatter spec, voice.md Layer 0-3, fidelity.jsonl authoring.
- `CODE_OF_CONDUCT.md` — Contributor Covenant 2.1 + Buddhist-project-specific
  rules (no doctrinal supremacy, no using the repo as a dharma platform, no
  impersonating clergy, no apocryphal scripture citations).
- `SECURITY.md` — threat model (prompt injection, supply chain, secret leak,
  installer safety, religious-boundary adversarial input), SLA table, GH
  Security Advisory as primary channel.

**Issue / PR templates**
- `bug_report.yml` — area selector, master selector, repro template.
- `feature_request.yml` — non-master enhancement requests.
- `new_master.yml` — **MUST precede any new-master PR**; forces tier A/B/D
  self-judgment and citation planning before sunk cost.
- `boundary_violation.yml` — P0 template for ETHICS.md §3 violations.
- `config.yml` — directs users to Discussions for chatter, Security Advisory
  for vulnerabilities, email for urgent takedowns.
- `PULL_REQUEST_TEMPLATE.md` — change-type checkboxes, self-check list, new-
  master fields, local-test block.

**npm publish**
- `.github/workflows/npm-publish.yml` — release-tag + workflow_dispatch, with
  dry-run mode, tag-version match check, `npm publish --provenance`.
  First-time publish needs NPM_TOKEN secret (user action).
- `package.json` hardening:
  - `engines.node: >=18`
  - scripts: `validate`, `validate:fidelity`, `test`, `test:smoke`, `prepack`
  - `publishConfig` (public, npm registry)
  - `files` list expanded to include platform manifests + governance docs
  - richer `keywords`, `author`, `bugs`, `homepage` fields
  - expanded description mentions all 8 masters for search discoverability

**README**
- 贡献指南 section rewritten to point at CONTRIBUTING.md + Discussions +
  four issue templates, with "先开 New Master issue 征询" gate spelled out.

Discussions were enabled on the repo alongside this commit via `gh api`, so
the links in README/templates resolve immediately on merge.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,66 @@
+<!--
+感谢贡献！请用中文或英文填写以下字段。纯 typo / 格式修复可删除不相关部分。
+-->
+
+## 改动类型
+
+<!-- 勾选适用项 -->
+
+- [ ] 代码 / CI / 工具链
+- [ ] 文档 / README / 翻译
+- [ ] 新增法师内容（`prebuilt/<slug>/`）
+- [ ] 修改已有法师内容
+- [ ] fidelity 测试用例变更
+- [ ] `ETHICS.md` / `CONTRIBUTING.md` / `CODE_OF_CONDUCT.md` / `SECURITY.md` 治理条款
+- [ ] 其它
+
+## 做了什么 + 为什么
+
+<!-- 描述改动本身，以及它解决了什么问题。不要只列文件。 -->
+
+## 相关 issue / discussion
+
+<!-- Closes #123 / Refs #456 / 相关讨论链接 -->
+
+## 自检清单
+
+<!-- 提交前请自行勾选 -->
+
+- [ ] CI 绿色（validate / fidelity-smoke / verify-links 无 red）
+- [ ] 如果改了 `prebuilt/**` → 已 review [`ETHICS.md`](../ETHICS.md) §2（版权 Tier）、§3（教界边界）
+- [ ] 如果新增 / 修改 `teaching.md` → 所有教义断言均附**真实** CBETA 经号
+- [ ] 如果新增 `voice.md` → Layer 0（硬规则）已从 ETHICS.md §3 完整复制
+- [ ] 如果新增 fidelity 用例 → `python scripts/validate-fidelity.py` 绿色
+- [ ] CHANGELOG.md 的 `[Unreleased]` 章节已更新（除非是纯 typo / 格式）
+- [ ] PR description 说明了**为什么**这样做，不只是做了什么
+
+## 新增法师（如适用）
+
+<!-- 仅新增 prebuilt/<slug>/ 时填写 -->
+
+- **法师**：
+- **slug**：
+- **版权 Tier**：A / B / D
+- **对应的 New Master issue**：#
+- **Tier B 授权证明**：（链接 `prebuilt/<slug>/LICENSE.md`）
+
+## 本地测试
+
+<!-- 说明你本地跑了什么、结果如何 -->
+
+```bash
+# 示例
+python scripts/validate.py --strict      # ✅
+python scripts/test-fidelity.py --master <new> --dry-run   # ✅ 5 条用例
+ANTHROPIC_API_KEY=... python scripts/test-fidelity.py --master <new> --max-tests 1   # ✅ 1/1 pass
+```
+
+## 截图 / 样例回答
+
+<!-- 可选。展示 AI 角色的实际表现，方便 review -->
+
+---
+
+<!--
+PR description 写得详细一点，可以大幅减少来回 review 的次数。感谢！
+-->