Add Security Review module to Varbase Security Base

Problem/Motivation

The Security Review module provides automated checks for common security risks including file permissions, PHP configuration, input filtering, and unsafe settings. Adding it to Varbase improves baseline security visibility for developers and site administrators.

Proposed resolution

• Add drupal/security_review to composer.json.
• Ship managed configuration for default security checks.
• Enable predefined checks under config/managed/security_review.
• Configure default untrusted roles and logging.

This provides a ready-to-use security audit baseline for Varbase sites.

Remaining tasks

• ✅ File an issue about this project
• ✅ Addition/Change/Update/Fix to this project
• ✅ Testing to ensure no regression
• ✅ Automated unit/functional testing coverage
• ✅ Developer Documentation support on feature change/addition
• ➖ User Guide Documentation support on feature change/addition
• ➖ UX/UI designer responsibilities
• ➖ Accessibility and Readability
• ✅ Code review from 1 Varbase core team member
• ✅ Full testing and approval
• ✅ Credit contributors
• ✅ Review with the product owner
• ✅ Update Release Notes
• ❌ Release varbase-11.0.0-alpha1, varbase_starter-1.0.0-alpha1, varbase_security_base-1.0.0-alpha1

User interface changes

• N/A

API changes

• N/A

Data model changes

• N/A

Release notes snippet

• feat: #3586270 Add Security Review module to Varbase Security Base recipe