chore: CI hardening — action pinning, concurrency, timeouts

## Valid findings from external audit (2026-03-17)

These are the non-hallucinated items from an external audit that reviewed the repo. Already covered by `docs/plans/2026-03-16-ci-test-suite-design.md` but tracked here for visibility.

### Action items

- [ ] Pin GitHub Actions to commit SHAs (not `@v3` tags)
- [ ] Add `concurrency:` group with `cancel-in-progress: true` to workflow
- [ ] Add `timeout-minutes:` to all CI jobs
- [ ] Add `shell: bash` explicitly to cross-platform workflow steps
- [ ] Consider `.gitattributes` with `* text=auto eol=lf` for Windows CI consistency

### Context

These belong to the CI/test-suite hardening PR, not the rule compression PR. Parking here so they don't get lost.

Coding-Agent: claude-code
Model: claude-opus-4-6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: CI hardening — action pinning, concurrency, timeouts #4

Valid findings from external audit (2026-03-17)

Action items

Context

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

chore: CI hardening — action pinning, concurrency, timeouts #4

Description

Valid findings from external audit (2026-03-17)

Action items

Context

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions