feat: Auto-link GitHub PR/issue references in chat messages

[StephaneDelcroix]

Summary

Adds built-in linkification for GitHub PR/issue references in chat messages. Plain-text references like #123 and owner/repo#123 are automatically converted to clickable links that open in the browser.

What Changed

• GitHubReferenceLinker.cs — New static utility that post-processes Markdig HTML output to convert GitHub references to <a> links
  • Handles fully-qualified refs (owner/repo#123) without any repo context
  • Handles bare refs (#123) when the session has a known repo URL
  • Safely skips content inside <a>, <code>, <pre>, <script>, <style> tags
  • Skips HTML entities ({) and URL fragments (/path#123)
• ChatMessageList.razor — Calls linker in RenderMarkdown, accepts RepoUrl parameter
• ChatMessageItem.razor — Passes RepoUrl to RenderMarkdown calls
• ExpandedSessionView.razor / SessionCard.razor / Dashboard.razor — Thread RepoUrl from session context
• CopilotService.Organization.cs — New GetRepoUrlForSession() method resolves repo URL via WorktreeId or group RepoId

Tests

• 30 new unit tests covering all patterns and edge cases
• All 1575 existing tests continue to pass (1 pre-existing flaky test unrelated)

[StephaneDelcroix]

✅ Multi-Model Review: Ready to Merge

Initial 5-model review found an XSS vulnerability (4/5 models flagged):

🟡 GitHubReferenceLinker.cs:ExtractOwnerRepo — SSH remote URLs returned the path verbatim with no validation. A crafted remote like git@github.com:org/repo" onclick="alert(1).git could break out of the href attribute.

Fix applied in commit ee3202d:

• Added SafeOwnerRepoRegex (^[A-Za-z0-9._-]+/[A-Za-z0-9._-]+$) validation on both SSH and HTTPS extraction paths
• 2 regression tests added for malicious URLs
• All 32 GitHubReferenceLinker tests pass

Post-fix re-review (5 models): All confirmed XSS is fixed. No new consensus issues.