
fix(ci): rewrite probe — scrape .gdn/i/ dirs, fix broken cache SHA, dispatch breach monitor #224

Merged
DimaBir merged 4 commits into main from feat/msdo-breach-monitor
Mar 23, 2026

@DimaBir DimaBir commented Mar 23, 2026

Summary

  • Rewrites toolchain version probe to scrape MSDO's actual install dirs (.gdn/i/{type}/{pkg}.{version}/) instead of parsing .gdntool XML — simpler, no fragile XML parsing, works with the real MSDO install side effect
  • Removes broken actions/cache@1bd1e32a... SHA that caused the probe to fail on set-up (SHA doesn't exist)
  • Probe now dispatches the breach monitor after committing fresh versions, removing the schedule race condition
  • Breach monitor prompt rewritten with explicit API endpoints, 7-day recency window, ongoing-always-flag rule, repo archival check, and per-ecosystem advisory queries — addresses all gaps found in first run (noop despite active Trivy incident)

Why the previous run failed

actions/cache@1bd1e32a3bdc45362d1e726936510720a7c6158d is not a valid SHA — the action set-up step errored immediately. Correct SHA for v4.2.2 is d4323d4df104b026a6aa633fdb11d772146be0bf, but the approach was rearchitected away from caching entirely.

Test plan

  • Trigger probe manually after merge: gh workflow run toolchain-version-probe.yml
  • Verify .github/toolchain-versions.json committed with resolved versions
  • Verify breach monitor dispatched automatically and reads pinned versions in Step 0

@DimaBir DimaBir requested a review from a team as a code owner March 23, 2026 09:12
Signed-off-by: Dima Birenbaum <dvlasenko86@gmail.com>
@DimaBir DimaBir self-assigned this Mar 23, 2026
@DimaBir DimaBir merged commit dabaaf6 into main Mar 23, 2026
14 of 15 checks passed
@DimaBir DimaBir deleted the feat/msdo-breach-monitor branch March 23, 2026 10:35
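
The directory-scraping approach from the Summary, as an added example that is not the repository's probe code: it walks `.gdn/i/{type}/{pkg}.{version}/`, splits each directory name into package and version, keeps the highest version per package, and renders stable JSON. The splitting rule, the output shape, and the type and package names in the constructed tree are assumptions; the page does not show the schema of `toolchain-versions.json`.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumption: the version is the trailing dotted-numeric part of the directory
# name (optional -prerelease suffix); everything before it is the package name.
_DIR_RE = re.compile(r"^(?P<pkg>.+?)\.(?P<ver>\d+(?:\.\d+)+(?:-[0-9A-Za-z.]+)?)$")

def _version_key(ver):
    # Compare numerically (1.10.0 > 1.4.2); a prerelease sorts below its release.
    core, _, pre = ver.partition("-")
    return (tuple(int(p) for p in core.split(".")), pre == "", pre)

def scan_install_dirs(root):
    """Return {type: {pkg: highest_version}} from <root>/.gdn/i/{type}/{pkg}.{version}/."""
    found = {}
    base = Path(root) / ".gdn" / "i"
    if not base.is_dir():
        return found  # nothing installed yet: report empty rather than fail
    for type_dir in sorted(p for p in base.iterdir() if p.is_dir()):
        for entry in sorted(p for p in type_dir.iterdir() if p.is_dir()):
            m = _DIR_RE.match(entry.name)
            if not m:
                continue  # not a {pkg}.{version} directory: skip, do not guess
            pkgs = found.setdefault(type_dir.name, {})
            prev = pkgs.get(m["pkg"])
            if prev is None or _version_key(m["ver"]) > _version_key(prev):
                pkgs[m["pkg"]] = m["ver"]
    return found

def render_versions_json(versions):
    # Sorted keys keep the committed file byte-stable when nothing changed.
    return json.dumps(versions, indent=2, sort_keys=True) + "\n"

def demo():
    # Constructed install tree; every type and package name here is hypothetical.
    dirs = ("nuget/Example.Scanner.Cli.1.4.2", "nuget/Example.Scanner.Cli.1.10.0",
            "npm/example-linter.0.9.0-beta.1", "npm/scratch")
    with tempfile.TemporaryDirectory() as tmp:
        for rel in dirs:
            (Path(tmp) / ".gdn" / "i" / rel).mkdir(parents=True)
        return scan_install_dirs(tmp)

if __name__ == "__main__":
    print(render_versions_json(demo()), end="")
```

Directory names that do not match the `{pkg}.{version}` pattern are skipped, so stray working directories never end up in the pinned-version file.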