Add conformance-tier-audit agentic workflow

Create a GitHub Agentic Workflow that runs the MCP SDK conformance
tier audit every Thursday at 14:00 UTC (6:00 AM PST). The workflow
uses the Copilot CLI engine to follow the conformance-tier-audit
skill and writes the assessment and remediation reports to the
GitHub Actions step summary.

Scheduled runs are blocked on forks; workflow_dispatch works on
both upstream and forks.

- conformance-tier-audit.md: Source workflow with frontmatter
  (schedule, runtimes, network, tools) and natural-language
  instructions for the agent
- conformance-tier-audit.lock.yml: Compiled workflow (gh-aw v0.62.2)
  with SHA-pinned actions and firewall configuration
- actions-lock.json: SHA-pinned action references

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jeffhandley

.gitattributes

@@ -62,3 +62,5 @@
 *.fsproj text
 *.dbproj text
 *.sln text eol=crlf
+
+.github/workflows/*.lock.yml linguist-generated=true merge=ours

.github/aw/actions-lock.json

@@ -0,0 +1,14 @@
+{
+  "entries": {
+    "actions/github-script@v8": {
+      "repo": "actions/github-script",
+      "version": "v8",
+      "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
+    },
+    "github/gh-aw-actions/setup@v0.62.2": {
+      "repo": "github/gh-aw-actions/setup",
+      "version": "v0.62.2",
+      "sha": "20045bbd5ad2632b9809856c389708eab1bd16ef"
+    }
+  }
+}