How would you design a secure CI/CD pipeline with automated security checks, approvals, and rollback at Cisco?