Add SARIF output for GitHub Code Scanning integration

## Context

pulser has a GitHub Action (`action.yml`) but diagnostics only appear in the log. If we output SARIF format, GitHub will show issues as **inline annotations directly on PR diffs** — like ESLint and CodeQL do.

## What is SARIF

[SARIF 2.1.0](https://sarifweb.azurewebsites.net/) is the standard format for static analysis results. GitHub Code Scanning natively supports it.

## What to do

1. Add `"sarif"` to the `OutputFormat` union type in `src/types.ts`
2. Add a `reportSarif()` function in `src/reporter.ts` that maps `Diagnostic[]` → SARIF schema
3. Update `action.yml` to upload the SARIF file via `github/codeql-action/upload-sarif`

## Example SARIF output

```json
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [{
    "tool": { "driver": { "name": "pulser", "version": "1.0.0" } },
    "results": [{
      "ruleId": "gotchas",
      "level": "error",
      "message": { "text": "Missing Gotchas section" },
      "locations": [{ "physicalLocation": { "artifactLocation": { "uri": ".claude/skills/my-skill/SKILL.md" } } }]
    }]
  }]
}
```

## Files to modify

- `src/types.ts` (OutputFormat)
- `src/reporter.ts` (new function)
- `src/index.ts` (format validation)
- `action.yml` (SARIF upload step)

## Difficulty: Medium

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SARIF output for GitHub Code Scanning integration #4

Context

What is SARIF

What to do

Example SARIF output

Files to modify

Difficulty: Medium

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add SARIF output for GitHub Code Scanning integration #4

Description

Context

What is SARIF

What to do

Example SARIF output

Files to modify

Difficulty: Medium

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions