
feat(org): add support for code security configurations#640

Open
gdams wants to merge 1 commit into
eclipse-csi:mainfrom
gdams:feat/code-security-configurations

Conversation

@gdams
Contributor

@gdams gdams commented Apr 21, 2026

Summary

Adds a new org-level resource OrganizationCodeSecurityConfiguration that wraps GitHub's Code Security Configurations API (/orgs/{org}/code-security/configurations).

This is the successor to the deprecated per-feature *_enabled_for_new_repositories organization settings, letting users manage named code security configurations directly from otterdog.

New resource

Each code_security_configuration entry supports:

  • name, description, enforcement
  • advanced_security
  • dependency_graph + dependency_graph_autosubmit_action
  • dependabot_alerts, dependabot_security_updates
  • code_scanning_default_setup
  • secret_scanning + secret_scanning_push_protection, secret_scanning_delegated_bypass, secret_scanning_validity_checks, secret_scanning_non_provider_patterns
  • private_vulnerability_reporting

Feature fields accept enabled / disabled / not_set; enforcement accepts enforced / unenforced.

Example

orgs.newOrg('my-project', 'my-org') {
  code_security_configurations+: [
    orgs.newOrgCodeSecurityConfiguration('baseline') {
      description: 'Baseline configuration for all new repositories',
      advanced_security: 'enabled',
      secret_scanning: 'enabled',
      secret_scanning_push_protection: 'enabled',
      dependabot_alerts: 'enabled',
      dependabot_security_updates: 'enabled',
    },
  ],
}

Changes

  • otterdog/models/organization_code_security_configuration.py (new) — ModelObject with validate and full live-patch ADD/REMOVE/CHANGE support.
  • otterdog/models/github_organization.py — new field, accessors, wiring into get_model_objects, from_model_data, validate, to_jsonnet, generate_live_patch, and parallel loading from provider.
  • otterdog/providers/github/__init__.py + otterdog/providers/github/rest/org_client.py — list/add/update/delete methods for the new endpoints (global/predefined configs are filtered out on read).
  • otterdog/jsonnet.py — create_org_code_security_configuration function name and default_org_code_security_configuration_config cached property.
  • examples/template/otterdog-defaults.libsonnet — newOrgCodeSecurityConfiguration() helper, new code_security_configurations array on newOrg, and export.
  • otterdog/resources/schemas/org-code-security-configuration.json (new) + organization.json reference.
  • tests/models/test_org_code_security_configuration.py + fixture JSON files.

Testing

  • poetry run pytest tests/models/test_org_code_security_configuration.py → 4 passed
  • poetry run pytest tests/ → 247 passed, 2 skipped, 0 failures
  • poetry run mypy otterdog → clean
  • poetry run ruff check / ruff format → clean

Adds a new org-level resource `OrganizationCodeSecurityConfiguration`
that wraps GitHub's Code Security Configurations API
(/orgs/{org}/code-security/configurations).

This is the successor to the deprecated per-feature
'*_enabled_for_new_repositories' organization settings and lets users
manage named code security configurations with fields:

- advanced_security
- dependency_graph (+ autosubmit action)
- dependabot_alerts
- dependabot_security_updates
- code_scanning_default_setup
- secret_scanning (+ push_protection, delegated_bypass,
  validity_checks, non_provider_patterns)
- private_vulnerability_reporting
- enforcement

Changes:
- new model otterdog/models/organization_code_security_configuration.py
- wired into otterdog/models/github_organization.py (field,
  accessors, get_model_objects, from_model_data, validate, to_jsonnet,
  generate_live_patch, parallel load from provider)
- new provider methods on GitHubProvider and OrgClient covering
  list/add/update/delete
- JsonnetConfig: new function name + default config cached property
- default libsonnet template: newOrgCodeSecurityConfiguration() +
  code_security_configurations array on newOrg + export
- JSON schema: org-code-security-configuration.json +
  reference in organization.json
- tests and resource fixtures
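The following is an added illustration, not code from this PR or from otterdog itself, of the two behaviours the description names: validating a configuration entry (feature fields restricted to enabled / disabled / not_set, enforcement to enforced / unenforced) and planning the ADD / REMOVE / CHANGE live patch after dropping GitHub's predefined configurations from the API listing. Field names and allowed values are the ones listed above; the target_type filter, the parent/child feature dependency checks in REQUIRES, and all sample payloads are this example's own assumptions, not something the PR specifies.

```python
from typing import Any

# Field names as listed in the PR description.
FEATURE_FIELDS = (
    "advanced_security",
    "dependency_graph",
    "dependabot_alerts",
    "dependabot_security_updates",
    "code_scanning_default_setup",
    "secret_scanning",
    "secret_scanning_push_protection",
    "secret_scanning_delegated_bypass",
    "secret_scanning_validity_checks",
    "secret_scanning_non_provider_patterns",
    "private_vulnerability_reporting",
)
AUTOSUBMIT_FIELD = "dependency_graph_autosubmit_action"
FEATURE_VALUES = frozenset({"enabled", "disabled", "not_set"})
ENFORCEMENT_VALUES = frozenset({"enforced", "unenforced"})
# Fields compared between configured and live state; "name" is the identity key.
COMPARED_FIELDS = ("description", "enforcement", AUTOSUBMIT_FIELD) + FEATURE_FIELDS
# ASSUMPTION: child feature -> parent feature it cannot be enabled without.
REQUIRES = {
    AUTOSUBMIT_FIELD: "dependency_graph",
    "secret_scanning_push_protection": "secret_scanning",
    "secret_scanning_delegated_bypass": "secret_scanning_push_protection",
    "secret_scanning_validity_checks": "secret_scanning",
    "secret_scanning_non_provider_patterns": "secret_scanning",
}


def default_value(field_name: str) -> str:
    """Value an omitted field is treated as, on both the configured and the live side."""
    if field_name == "description":
        return ""
    if field_name == "enforcement":
        return "unenforced"
    return "not_set"


def validate(config: dict[str, Any]) -> list[str]:
    """Return validation errors for one configuration entry (empty list when valid)."""
    errors: list[str] = []
    name = config.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.append("name must be a non-empty string")
    where = f"'{name}': " if isinstance(name, str) and name else ""
    enforcement = config.get("enforcement", default_value("enforcement"))
    if enforcement not in ENFORCEMENT_VALUES:
        errors.append(f"{where}enforcement must be one of {sorted(ENFORCEMENT_VALUES)}, got {enforcement!r}")
    for f in FEATURE_FIELDS + (AUTOSUBMIT_FIELD,):
        value = config.get(f, "not_set")
        if value not in FEATURE_VALUES:
            errors.append(f"{where}{f} must be one of {sorted(FEATURE_VALUES)}, got {value!r}")
    for child, parent in REQUIRES.items():
        if config.get(child, "not_set") == "enabled" and config.get(parent, "not_set") != "enabled":
            errors.append(f"{where}{child} is enabled but requires {parent} to be enabled")
    return errors


def organization_configs(api_payload: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Keep org-owned configs only; ASSUMPTION: predefined ones carry target_type 'global'."""
    return [c for c in api_payload if c.get("target_type") == "organization"]


def plan_live_patch(configured: list[dict[str, Any]], live: list[dict[str, Any]]) -> list[tuple]:
    """Return (op, name, changes) tuples that bring the live state in line with the config."""
    conf = {c["name"]: c for c in configured}
    live_by_name = {c["name"]: c for c in live}
    ops: list[tuple] = []
    for name in sorted(conf):
        if name not in live_by_name:
            ops.append(("ADD", name, {}))
            continue
        changes = {}
        for f in COMPARED_FIELDS:
            want = conf[name].get(f, default_value(f))
            have = live_by_name[name].get(f, default_value(f))
            if want != have:
                changes[f] = (have, want)  # (current live value, desired value)
        if changes:
            ops.append(("CHANGE", name, changes))
    for name in sorted(live_by_name):
        if name not in conf:
            ops.append(("REMOVE", name, {}))
    return ops


# Constructed sample data: the 'baseline' entry mirrors the PR's jsonnet example.
CONFIGURED = [
    {"name": "baseline", "description": "Baseline configuration for all new repositories",
     "advanced_security": "enabled", "secret_scanning": "enabled",
     "secret_scanning_push_protection": "enabled", "dependabot_alerts": "enabled",
     "dependabot_security_updates": "enabled"},
    {"name": "strict", "enforcement": "enforced", "secret_scanning": "enabled",
     "secret_scanning_push_protection": "enabled", "private_vulnerability_reporting": "enabled"},
]
# Constructed stand-in for a GET /orgs/{org}/code-security/configurations listing.
LIVE_API_RESPONSE = [
    {"id": 1, "target_type": "global", "name": "GitHub recommended", "secret_scanning": "enabled"},
    {"id": 2, "target_type": "organization", "name": "baseline",
     "description": "Baseline configuration for all new repositories",
     "advanced_security": "enabled", "secret_scanning": "enabled",
     "secret_scanning_push_protection": "disabled", "dependabot_alerts": "enabled",
     "dependabot_security_updates": "enabled", "enforcement": "unenforced"},
    {"id": 3, "target_type": "organization", "name": "legacy", "enforcement": "unenforced"},
]

if __name__ == "__main__":
    for entry in CONFIGURED:
        print(entry["name"], "->", validate(entry) or "valid")
    for op in plan_live_patch(CONFIGURED, organization_configs(LIVE_API_RESPONSE)):
        print(op)
```

Treating an omitted field and an explicit not_set as equal on both sides is what keeps the diff quiet when the API echoes back defaults the jsonnet never set; without that, every plan run would report spurious CHANGE operations.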