Add optional SARIF output so AgentGate findings can be consumed by GitHub code scanning and other security dashboards.
Scope:
- Keep Markdown and JSON behavior unchanged.
- Map blocking findings and warnings to SARIF results.
- Add tests for at least one blocked diff and one warning diff.
Safety boundary: this should not read secrets, upload code, or call external services.
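
One way the mapping in the scope list could look, as an added example that is not AgentGate's own code. The finding fields (`rule_id`, `severity`, `message`, `path`, `line`), the severity names `block` and `warn`, and the rule ids are assumptions; the log is built in memory only, with no file reads or network calls.

```python
import json

# Assumed severity names; AgentGate's real ones are not given on the page.
LEVELS = {"block": "error", "warn": "warning"}


def to_sarif(findings, tool_name="AgentGate"):
    """Build a SARIF 2.1.0 log (a dict) from finding dicts, purely in memory."""
    rules, results = {}, []
    for f in findings:
        level = LEVELS.get(f["severity"])
        if level is None:
            # Fail closed: never silently downgrade an unknown severity.
            raise ValueError(f"unmapped severity: {f['severity']!r}")
        rules.setdefault(f["rule_id"], {"id": f["rule_id"]})
        result = {
            "ruleId": f["rule_id"],
            "level": level,
            "message": {"text": f["message"]},
        }
        if f.get("path"):
            # SARIF artifact URIs are repo-relative with forward slashes.
            loc = {"artifactLocation": {"uri": f["path"].replace("\\", "/")}}
            if f.get("line"):
                loc["region"] = {"startLine": f["line"]}
            result["locations"] = [{"physicalLocation": loc}]
        results.append(result)
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
            "results": results,
        }],
    }


# Constructed sample findings: one blocked diff and one warning diff.
SAMPLE = [
    {"rule_id": "AG-EXAMPLE-001", "severity": "block",
     "message": "Constructed blocking finding", "path": "deploy/ci.yml", "line": 12},
    {"rule_id": "AG-EXAMPLE-002", "severity": "warn",
     "message": "Constructed warning finding", "path": "src\\agent\\tools.py", "line": 40},
]

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE), indent=2))
```
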