New tool: SARIF-to-git-diff correlation (`sarif_diff_by_commits`)

## Context

Sub-issue of #208 — **Area 5: No SARIF-to-git-diff correlation tool**

## Problem

There is no MCP tool for determining whether a given SARIF alert is associated with code locations changed in a set of git commits. To triage SARIF results by branch, the user must:
1. Run `git diff --name-only ..HEAD` to get changed files
2. Parse each SARIF file's `results[].locations[].physicalLocation.artifactLocation.uri`
3. Cross-reference manually to classify findings as "new on this branch" vs "pre-existing"

Related: #207 (the planned `gh-ql-mcp-client` Go rewrite addresses some of the SARIF workflow gaps)

## Requirements

- [ ] New tool (e.g. `sarif_diff_by_commits`) that accepts a SARIF file path and a git ref range
- [ ] Partitions SARIF results into "new" vs "pre-existing" based on file-level (and optionally line-level) overlap with the git diff
- [ ] Returns structured output suitable for triage workflows

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New tool: SARIF-to-git-diff correlation (`sarif_diff_by_commits`) #215

Context

Problem

Requirements

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

New tool: SARIF-to-git-diff correlation (sarif_diff_by_commits) #215

Description

Context

Problem

Requirements

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

New tool: SARIF-to-git-diff correlation (`sarif_diff_by_commits`) #215