Simpler sast

[GrosQuildu]

Both:

• Removed triaging steps (skills return almost raw results)
• Better descriptions with specific trigger language
• Progressive disclosure pattern applied throughout (lean SKILL.md → references/ + workflows/)
• Plugin version bumped

Semgrep:

• SKILL.md slimmed down; content extracted to new references/scan-modes.md and workflows/scan-workflow.md
• Removed the separate semgrep-triager agent — triage folded into the scanner agent
• Scanner agent improved with language-scoping (--include flags) and better GitHub URL handling
• Simplified merge_triaged_sarif.py

CodeQL:

• Three workflow files heavily cut down (build-database, create-data-extensions, run-analysis)
• Six new reference files extracted (build-fixes, extension-yaml-format, important-only-suite, macos-arm64e workaround, quality-assessment, run-all-suite, sarif-processing)