Prevent and resolve GitHub secret-scanning “push protection” blocks (e.g. GH013 “Push cannot contain secrets”) in this workspace repo. Use when `git push` is rejected due to secrets, when large dumps like `skills/.skills_full_*` appear, or when you need a safe workflow to remove leaked keys from git history, add `.gitignore` rules, and rotate exposed credentials.