
Build SARIF export for TealSecrets findings with IDE integration #122

@nagasatish007

Description


Extend the BundleExporter's SARIF output to produce GitHub Code Scanning-compatible SARIF for TealSecrets findings, enabling inline annotations in PRs.

Problem

TealSecrets can detect 500+ secret patterns, but findings are only visible in logs or the governance dashboard. Teams want secret detection results to appear as inline PR annotations via GitHub Code Scanning (SARIF upload).

Requirements

• Extend BundleExporter to produce SARIF v2.1.0 specifically for secret findings
• Map each secret detector to a SARIF reportingDescriptor with severity, help URI, and description
• Include source location (file, line, column) when scanning file content
• Add a CLI command: tealtiger scan --format sarif --output results.sarif
• Produce output compatible with github/codeql-action/upload-sarif@v3
• Add a GitHub Actions workflow example in examples/ci/

Technical Considerations

• SARIF spec requires stable rule IDs (use detector pattern names)
• Location info requires the scanner to track line/column during detection
• Consider fingerprinting for deduplication across runs
• File paths should be relative to repository root

Validation

• Validate output against SARIF JSON schema
• Test upload to GitHub Code Scanning (manual verification)
• Verify findings appear as PR annotations

Acceptance Criteria

• SARIF output validates against official schema
• GitHub Code Scanning accepts the upload
• Findings show inline in PR diff view
• CLI command documented in README
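The following is an added worked example of the output shape the requirements and technical considerations above describe; it is not TealSecrets or tealtiger code and does not use the project's BundleExporter. It assumes a handful of constructed detectors (names, regexes and help URIs are hypothetical), a placeholder tool version, and an inline sample file, and it shows the four points that matter for a GitHub Code Scanning upload: stable rule IDs taken from detector names, 1-based line/column regions, repository-relative artifact URIs, and a line-independent fingerprint for cross-run deduplication. It also deliberately keeps the matched secret out of the SARIF file, which is what ends up in PR annotations and the Security tab.

```python
"""Added example, not TealSecrets/tealtiger code: emit GitHub Code Scanning
compatible SARIF 2.1.0 for secret findings. Detector names, regexes, help URIs,
the tool version and the sample file content are constructed for illustration."""
import hashlib
import os
import re
from typing import Dict, List
SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"

# Constructed detectors (hypothetical help URIs). The key doubles as the stable
# SARIF rule id; "security-severity" 9.0+ is what GitHub shows as "critical".
DETECTORS: Dict[str, Dict] = {
    "aws-access-key-id": dict(pattern=re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
                              description="AWS access key ID", level="error", severity="9.0",
                              help_uri="https://example.invalid/rules/aws-access-key-id"),
    "github-pat": dict(pattern=re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
                       description="GitHub personal access token", level="error", severity="9.0",
                       help_uri="https://example.invalid/rules/github-pat"),
}

def repo_relative_uri(repo_root: str, path: str) -> str:
    """artifactLocation.uri must be relative to the repo root and '/'-separated."""
    return os.path.relpath(path, repo_root).replace(os.sep, "/")

def scan_text(uri: str, text: str) -> List[Dict]:
    """Run every detector over file content, tracking 1-based line/column as SARIF
    regions require. Only a hash of the matched secret is kept, never the value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule_id, det in DETECTORS.items():
            for m in det["pattern"].finditer(line):
                findings.append({
                    "rule_id": rule_id, "uri": uri, "line": line_no,
                    "column": m.start() + 1, "end_column": m.end() + 1,
                    "secret_sha256": hashlib.sha256(m.group(0).encode()).hexdigest()})
    return findings

def fingerprint(f: Dict) -> str:
    """Dedup key stable across runs: rule id + path + secret hash. Line numbers are
    left out on purpose so a finding that merely moves is not a new alert."""
    return hashlib.sha256(f"{f['rule_id']}|{f['uri']}|{f['secret_sha256']}".encode()).hexdigest()

def to_sarif(findings: List[Dict], tool_version: str = "0.0.0-example") -> Dict:
    """One reportingDescriptor per detector, one result per finding."""
    rule_ids = list(DETECTORS)
    rules = [{
        "id": rid, "name": rid,
        "shortDescription": {"text": f"{DETECTORS[rid]['description']} committed to source"},
        "fullDescription": {"text": f"A string matching the {DETECTORS[rid]['description']} "
                                    "pattern was found. Rotate it and purge it from history."},
        "helpUri": DETECTORS[rid]["help_uri"],
        "defaultConfiguration": {"level": DETECTORS[rid]["level"]},
        "properties": {"security-severity": DETECTORS[rid]["severity"]},
    } for rid in rule_ids]
    results = [{
        "ruleId": f["rule_id"], "ruleIndex": rule_ids.index(f["rule_id"]),
        "level": DETECTORS[f["rule_id"]]["level"],
        # The PR annotation text carries a truncated hash, never the secret itself.
        "message": {"text": f"{DETECTORS[f['rule_id']]['description']} found "
                            f"(sha256 {f['secret_sha256'][:12]}...)."},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": f["uri"], "uriBaseId": "%SRCROOT%"},
            "region": {"startLine": f["line"], "startColumn": f["column"],
                       "endColumn": f["end_column"]}}}],
        "partialFingerprints": {"secretFingerprint/v1": fingerprint(f)},
    } for f in findings]
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0", "runs": [{
        "tool": {"driver": {"name": "TealSecrets", "version": tool_version, "rules": rules}},
        "results": results}]}

def check_sarif(doc: Dict) -> List[str]:
    """Cheap pre-upload checks; full validation belongs to the official JSON schema."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    for run in doc.get("runs", []):
        ids = [r["id"] for r in run["tool"]["driver"].get("rules", [])]
        for res in run.get("results", []):
            idx = res.get("ruleIndex", -1)
            if not 0 <= idx < len(ids) or ids[idx] != res["ruleId"]:
                problems.append(f"result {res['ruleId']!r} has no matching rule")
            for loc in res.get("locations", []):
                phys = loc["physicalLocation"]
                if phys["artifactLocation"]["uri"].startswith(("/", "..")):
                    problems.append(f"uri not repo-relative: {phys['artifactLocation']['uri']}")
                if min(phys["region"]["startLine"], phys["region"].get("startColumn", 1)) < 1:
                    problems.append("SARIF regions are 1-based")
    return problems

# Constructed sample file content (the AWS value is the documented example key).
SAMPLE_URI = "config/app.env"
SAMPLE_TEXT = ("# constructed sample, not a real config\n"
               "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
               "github_token = ghp_" + "x" * 36 + "\n")

if __name__ == "__main__":
    import json
    print(json.dumps(to_sarif(scan_text(SAMPLE_URI, SAMPLE_TEXT)), indent=2))
```

Running the module prints a SARIF log that can be written to results.sarif and handed to github/codeql-action/upload-sarif@v3 through its sarif_file input; the job needs the security-events: write permission for the upload to succeed. check_sarif only catches the mistakes that most often make GitHub reject or silently drop results (absolute paths, 0-based columns, results whose ruleId has no descriptor); the acceptance criterion of validating against the official schema is better met with the jsonschema package against the document at SARIF_SCHEMA. GitHub computes its own primaryLocationLineHash when none is supplied, so the custom secretFingerprint/v1 key is an assumption aimed at the project's own cross-run deduplication rather than something the upload relies on.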

Metadata

Labels

advanced (needs advanced features), enhancement (New feature or request), tooling (tooling required)

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
