
ci: encode SARIF upload category in run automation details#68

Merged
haasonsaas merged 3 commits into main from codex/codeql-sarif-fingerprints on Apr 30, 2026

Conversation

@haasonsaas
Contributor

Summary

  • encode the uploader category in each SARIF run via automationDetails.id
  • keep the REST upload payload limited to supported Code Scanning API fields

Verification

  • python3 -m py_compile scripts/upload-sarif-to-code-scanning.py
  • mocked upload smoke test asserting category is absent from the REST body and present in SARIF automationDetails.id
  • actionlint .github/workflows/ci.yml
  • git diff --check

Follow-up to #67 and evalops/.github#32.

@cursor

cursor Bot commented Apr 30, 2026

PR Summary

Medium Risk
Touches the CI SARIF preprocessing and upload path; incorrect automationDetails.id handling or multi-run suffixing could change alert grouping/deduplication in GitHub Code Scanning.

Overview
Updates the SARIF uploader to embed the provided --category into the SARIF content by setting each run’s automationDetails.id (with .../run-N suffixing for multi-run files) before compression/upload.

Removes use of the Code Scanning REST category field from the upload request body, keeping the POST payload limited to the core supported fields while still providing stable run-level grouping metadata.

Reviewed by Cursor Bugbot for commit cd752ba. Bugbot is set up for automated code reviews on this repo.
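The two behaviours the PR summary and the bot overview describe (write the uploader category into every run's automationDetails.id, suffixing run-N when a file carries several runs, and keep the REST body free of a category field) are shown below as an added, stand-alone example. This is not the repository's scripts/upload-sarif-to-code-scanning.py and does not reproduce it; function names, the 1-based run numbering, and the exact set of body fields (commit_sha, ref, sarif) are assumptions made for the example.

```python
"""Added example, not the PR's script: tag SARIF runs with a category and
build a minimal Code Scanning upload body without a `category` field."""
import base64
import copy
import gzip
import json


def encode_category(sarif: dict, category: str) -> dict:
    """Return a copy of `sarif` with automationDetails.id set on every run.

    A single-run file gets the bare category; a multi-run file gets
    `<category>/run-N`. Assumption: N is 1-based (the PR only says run-N).
    The input document is not mutated.
    """
    if not category or not isinstance(category, str):
        raise ValueError("category must be a non-empty string")
    out = copy.deepcopy(sarif)
    runs = out.get("runs", [])
    for index, run in enumerate(runs):
        run_id = category if len(runs) == 1 else f"{category}/run-{index + 1}"
        # setdefault keeps any other automationDetails keys the tool emitted
        # and overwrites only the id, so the uploader's category always wins.
        run.setdefault("automationDetails", {})["id"] = run_id
    return out


def build_upload_body(sarif: dict, commit_sha: str, ref: str) -> dict:
    """Build the POST body for the SARIF upload endpoint.

    Assumed field set: commit_sha, ref, and the gzip+base64 SARIF document.
    `category` is deliberately not a body key; the run-level
    automationDetails.id carries it inside the SARIF instead.
    """
    raw = json.dumps(sarif, separators=(",", ":")).encode("utf-8")
    return {
        "commit_sha": commit_sha,
        "ref": ref,
        "sarif": base64.b64encode(gzip.compress(raw)).decode("ascii"),
    }


def decode_sarif_field(encoded: str) -> dict:
    """Inverse of the `sarif` field encoding, used to check the round-trip."""
    return json.loads(gzip.decompress(base64.b64decode(encoded)))


# Constructed sample input: a two-run SARIF 2.1.0 file with empty result sets.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {"tool": {"driver": {"name": "codeql"}}, "results": []},
        {"tool": {"driver": {"name": "codeql"}}, "results": []},
    ],
}


if __name__ == "__main__":
    tagged = encode_category(SAMPLE_SARIF, "ci/codeql")
    body = build_upload_body(tagged, "0" * 40, "refs/heads/main")
    print([run["automationDetails"]["id"] for run in tagged["runs"]])
    print(sorted(body))
```

A check worth keeping in CI for a change like this: the smoke test the PR lists (category absent from the REST body, present in each run's automationDetails.id) is exactly the round-trip above, decoding the `sarif` field back out and asserting on the run ids. The caveat the bot raises still applies: Code Scanning groups and deduplicates alerts by the run's automationDetails.id, so changing the id scheme (for example switching the run-N base) re-keys existing alerts rather than updating them in place.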

@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@haasonsaas haasonsaas merged commit e01d05b into main Apr 30, 2026
9 checks passed
@haasonsaas haasonsaas deleted the codex/codeql-sarif-fingerprints branch April 30, 2026 14:59
