Stabilize iOS/watchOS/tvOS apps and add cross-platform audit remediation

scripts/ci/scan_tokens.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd "$ROOT_DIR"
+
+PATTERN='(Token[[:space:]]+[A-Za-z0-9._-]{20,}|eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}|\b[a-fA-F0-9]{40,}\b)'
+
+MATCHES="$(rg -n --no-heading -S "$PATTERN" \
+  iphone WekoutThotViewer SharedCore \
+  --glob '!**/*.xcodeproj/**' \
+  --glob '!**/Tests/**' \
+  --glob '!**/*.md' \
+  --glob '!**/.build/**' || true)"
+
+if [[ -n "$MATCHES" ]]; then
+  echo "Potential hardcoded token(s) detected:" >&2
+  echo "$MATCHES" >&2
+  echo "If a match is intentional, redact it or move it to secure runtime configuration." >&2
+  exit 1
+fi
+
+echo "Token scan passed."