fix: add global security definition to OpenAPI spec (Checkov CKV_OPENAPI_4/5)

Add top-level `security` field to swagger.json and swagger.yaml referencing
both `ApiKeyAuth` and `OIDCAuth`, making the default auth posture explicit.
Override with empty `security: []` on the intentionally unauthenticated
`/healthz` and `/readyz` probe endpoints.

https://claude.ai/code/session_019MwPKHBP2JU8AZN1roUhQQ

Author: claude

packages/engine/internal/server/docs/swagger.json

@@ -622,6 +622,7 @@
                     "system"
                 ],
                 "summary": "Liveness probe",
+                "security": [],
                 "responses": {
                     "200": {
                         "description": "OK",
@@ -641,6 +642,7 @@
                     "system"
                 ],
                 "summary": "Readiness probe",
+                "security": [],
                 "responses": {
                     "200": {
                         "description": "OK",
@@ -1040,5 +1042,9 @@
             "name": "Authorization",
             "in": "header"
         }
-    }
+    },
+    "security": [
+        {"ApiKeyAuth": []},
+        {"OIDCAuth": []}
+    ]
 }

packages/engine/internal/server/docs/swagger.yaml

@@ -633,6 +633,7 @@ paths:
           description: OK
           schema:
             $ref: '#/definitions/server.HealthResponse'
+      security: []
       summary: Liveness probe
       tags:
       - system
@@ -647,9 +648,13 @@ paths:
           description: Service Unavailable
           schema:
             $ref: '#/definitions/server.ReadyzResponse'
+      security: []
       summary: Readiness probe
       tags:
       - system
+security:
+- ApiKeyAuth: []
+- OIDCAuth: []
 securityDefinitions:
   ApiKeyAuth:
     description: 'Bearer API key. Format: "Bearer mk_..."'