ci: remove gitleaks secret-scan job (ADR-001)

[Shaivpidadi]

Summary

• Remove the secret-scan job from .github/workflows/ci.yml that ran gitleaks/gitleaks-action@v2.
• ADR-001 mandates GitHub-native secret scanning only — never gitleaks or alternatives.
• GitHub-native secret scanning is already enabled at the repo level and covers this surface.
• No other CI jobs or triggers are touched. No branch-protection changes (reconciled in GOV-1854).

GovernsAI Tracker issue

GOV-1865

Reviewers

Tagging Nexus (code quality) and Cipher (security/arch) — both approvals required.

Test plan

• lint, typecheck, test jobs continue to run on PR/push to main.
• No gitleaks references remain in .github/workflows/*.yml.
• PR passes remaining required checks.

[Shaivpidadi]

Closing as obsolete: dev branch no longer contains a gitleaks/secret-scan job (verified via grep on origin/dev:.github/workflows/ci.yml). ADR-001 is already satisfied. The branch was based on a much older snapshot of dev, making the diff effectively a regression rather than a targeted removal. Reopening would require rebuilding from current dev.