ci: run sonarcloud security on main

[gortavoher]

Problem

The security with sonarcloud job ignored main (and security audit only ran on main), so SonarCloud never scanned main. GitHub then flags main's code-scanning results as "may be out of date" — even though the same code passed scanning as a PR (PR-ref scans don't satisfy the main branch).

Fix

Move main out of both filters, matching the known-good shape (kdeets):

• security audit only → only: /pull\/[0-9]+/ (forked PRs only — SonarCloud secrets/context aren't available there)
• security with sonarcloud → ignore: /pull\/[0-9]+/ (everything else, including main + non-forked PRs)

So main is scanned + uploaded on every push, keeping code-scanning/SonarCloud results current.

CI-config-only change.

[jerus-bot]

✅ Commit Signature Verification - Success

All commits have been verified successfully.

Summary

• Commits checked: 1
• Trusted verified: 1
• External contributors: 0

No impersonation attempts detected.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.