Add brakeman to new Rails applications

It can be skipped with the `--skip-brakeman` flag.

Closes rails#50501

railties/lib/rails/generators/app_base.rb

@@ -103,6 +103,9 @@ def self.add_shared_options_for(name)
         class_option :skip_rubocop,        type: :boolean, default: nil,
                                            desc: "Skip RuboCop setup"
 
+        class_option :skip_brakeman,       type: :boolean, default: nil,
+                                           desc: "Skip brakeman setup"
+
         class_option :dev,                 type: :boolean, default: nil,
                                            desc: "Set up the #{name} with Gemfile pointing to your Rails checkout"
 
@@ -386,6 +389,9 @@ def skip_rubocop?
         options[:skip_rubocop]
       end
 
+      def skip_brakeman?
+        options[:skip_brakeman]
+      end
 
       class GemfileEntry < Struct.new(:name, :version, :comment, :options, :commented_out)
         def initialize(name, version, comment, options = {}, commented_out = false)

railties/lib/rails/generators/rails/app/templates/Gemfile.tt

@@ -40,6 +40,11 @@ end
 <% end -%>
 
 group :development do
+<%- unless options.skip_brakeman? -%>
+  # Analyze code for Security Vulnerabilities [https://brakemanscanner.org/]
+  gem "brakeman", require: false
+
+<%- end -%>
 <%- unless options.skip_rubocop? -%>
   # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
   gem "rubocop-rails-omakase", require: false

railties/lib/rails/generators/rails/app/templates/bin/brakeman.tt

@@ -0,0 +1,4 @@
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("brakeman", "brakeman")