Adds scripts/base64-scan.sh and a corresponding CI step to detect prompt injection payloads that are base64-encoded to evade the existing docs-prompt-injection-scan.sh check.
