Add OWASP Dependency-Check integration for SonarQube

- Add sonar.dependencyCheck.jsonReportPath and htmlReportPath to sonar-project.properties
- Add Dependency-Check action scanning composer.lock and package.json
- Generate JSON and HTML reports for SonarQube analysis
- Add to ci.yml sonarqube job and sonarqube.yml workflow

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/sonarqube.yml

@@ -92,6 +92,19 @@ jobs:
           ./hadolint docker/php/dev/Dockerfile -f json > hadolint-dev.json || true
           ./hadolint docker/php/prod/Dockerfile -f json > hadolint-prod.json || true
 
+      - name: OWASP Dependency-Check
+        uses: dependency-check/Dependency-Check_Action@main
+        with:
+          project: 'e-ticket'
+          path: '.'
+          format: 'JSON,HTML'
+          args: >
+            --scan composer.lock
+            --scan package.json
+            --out .
+            --disableAssembly
+        continue-on-error: true
+
       - name: SonarQube Scan
         uses: sonarsource/sonarqube-scan-action@v5
         with: