
fix(workflows): expand dependency-review license allow-list and add docusaurus build step#1168

Merged
WilliamBerryiii merged 2 commits intomainfrom
fix/dependency-review-license-allowlist
Mar 23, 2026

Conversation

@WilliamBerryiii
Member

Description

The dependency-review workflow blocked release-please PR #2256 (chore(main): release hve-core 3.2.1) with five false-positive license violations from docusaurus transitive dependencies. This PR expands the license allow-list using a two-tier strategy and includes two additional fixes discovered during investigation.

Changes

  • dependency-review.yml — Added WTFPL and LicenseRef-scancode-unicode to global allow-licenses; added pkg:npm/dompurify and pkg:npm/lunr-languages to per-package allow-dependencies-licenses
  • docusaurus-tests.yml — Added Build site step (npm run build) after the test step to catch build failures in CI
  • handoff-pipeline.md / phase-reference.md — Escaped curly braces in table placeholders for docusaurus MDX compatibility

Related Issue(s)

Fixes #1167

Type of Change

Code & Documentation:

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (fix or feature causing existing functionality to change)
  • Documentation update

Infrastructure & Configuration:

  • GitHub Actions workflow
  • Linting configuration (markdown, PowerShell, etc.)
  • Security configuration
  • DevContainer configuration
  • Dependency update

Other:

  • Script/automation (.ps1, .sh, .py)
  • Other (please describe):

Testing

  • Reviewed dependency-review-action license resolution logic against each of the five failing packages
  • Verified WTFPL and LicenseRef-scancode-unicode are permissive licenses safe for global inclusion
  • Confirmed dompurify and lunr-languages require per-package exemptions due to compound SPDX expressions containing copyleft options
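The two-tier allow-list described above, modelled as a small local policy check so the effect of a per-package exemption can be seen before a workflow run. This is an added example, not code from this repository or from dependency-review-action; the global list beyond the two licenses named in the PR, the sample manifest and the SPDX expressions in it are constructed placeholders.

```python
"""Constructed two-tier license check: global allow-licenses plus
per-package allow-dependencies-licenses keyed by package URL (purl)."""
import re
from typing import Dict, List, Optional, Set

# Tier 1: global allow-list. WTFPL and LicenseRef-scancode-unicode are the
# two identifiers the PR adds; the remaining entries are assumed placeholders.
GLOBAL_ALLOW: Set[str] = {
    "MIT", "Apache-2.0", "BSD-3-Clause", "ISC",
    "WTFPL", "LicenseRef-scancode-unicode",
}

# Tier 2: per-package exemptions, as in allow-dependencies-licenses.
PACKAGE_EXEMPTIONS: Set[str] = {"pkg:npm/dompurify", "pkg:npm/lunr-languages"}

# Constructed manifest: purl -> declared SPDX expression (not real lockfile data).
SAMPLE_MANIFEST: Dict[str, str] = {
    "pkg:npm/example-a": "MIT",
    "pkg:npm/example-b": "WTFPL",
    "pkg:npm/dompurify": "(MPL-2.0 OR Apache-2.0)",  # exempted per package
    "pkg:npm/example-c": "(MPL-2.0 OR Apache-2.0)",  # same expression, no exemption
    "pkg:npm/example-d": "GPL-3.0-only",
}

_OPERATORS = {"AND", "OR", "WITH"}


def license_ids(expr: str) -> List[str]:
    """Split an SPDX expression into its bare license identifiers.
    Exception names after WITH are kept as identifiers on purpose, so an
    unlisted exception also fails the conservative check below."""
    return [t for t in re.split(r"[()\s]+", expr) if t and t.upper() not in _OPERATORS]


def package_allowed(purl: str, expr: str,
                    exemptions: Optional[Set[str]] = None) -> bool:
    """Tier 2 first: an exempted purl passes whatever it declares. Otherwise
    every identifier in the expression must be globally allowed, which is
    the conservative reading under which a compound expression with a
    copyleft alternative is a violation even if another alternative is fine."""
    exempt = PACKAGE_EXEMPTIONS if exemptions is None else exemptions
    if purl in exempt:
        return True
    return all(lid in GLOBAL_ALLOW for lid in license_ids(expr))


def review(manifest: Dict[str, str],
           exemptions: Optional[Set[str]] = None) -> List[str]:
    """Return the purls that would be reported as license violations."""
    return [p for p, e in manifest.items() if not package_allowed(p, e, exemptions)]
```

Running `review(SAMPLE_MANIFEST, set())` shows the pre-PR state (dompurify flagged alongside the genuinely unlisted packages); `review(SAMPLE_MANIFEST)` shows that the per-package tier clears only the named purl, not every package carrying the same expression.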

Checklist

Required Checks

  • Documentation is updated (if applicable)
  • Files follow existing naming conventions
  • Changes are backwards compatible (if applicable)
  • Tests added for new functionality (if applicable)

Required Automated Checks

The following validation commands must pass before merging:

  • Markdown linting: npm run lint:md
  • Spell checking: npm run spell-check
  • Frontmatter validation: npm run lint:frontmatter
  • Skill structure validation: npm run validate:skills
  • Link validation: npm run lint:md-links
  • PowerShell analysis: npm run lint:ps

…ocusaurus build step

- add WTFPL and LicenseRef-scancode-unicode to global allow-licenses
- add dompurify and lunr-languages to per-package allow-dependencies-licenses
- add build step to docusaurus-tests workflow
- escape curly braces in sssc-planning docs for docusaurus compatibility

Fixes #1167

🔧 - Generated by Copilot
@WilliamBerryiii WilliamBerryiii requested a review from a team as a code owner March 21, 2026 01:27
@codecov-commenter

codecov-commenter commented Mar 21, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.89%. Comparing base (0fbd111) to head (18e8299).


@@            Coverage Diff             @@
##             main    #1168      +/-   ##
==========================================
- Coverage   86.90%   86.89%   -0.02%     
==========================================
  Files          59       59              
  Lines        8774     8774              
==========================================
- Hits         7625     7624       -1     
- Misses       1149     1150       +1     
Flag     Coverage Δ
pester   85.32% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. 1 file has indirect coverage changes.


@github-actions
Contributor

Dependency Review Summary

The full dependency review summary was too large to display here (6195KB, limit is 1024KB).

Please download the artifact named "dependency-review-summary" to view the complete report.


@WilliamBerryiii WilliamBerryiii merged commit 5458cab into main Mar 23, 2026
33 checks passed
WilliamBerryiii pushed a commit that referenced this pull request Mar 23, 2026
🤖 I have created a release *beep* *boop*
---


## [3.2.1](hve-core-v3.2.0...hve-core-v3.2.1) (2026-03-23)


### 🐛 Bug Fixes

* **workflows:** expand dependency-review license allow-list and add docusaurus build step ([#1168](#1168)) ([5458cab](5458cab))
* **workflows:** prevent zero-diff force-push, fix SBOM attestation, and consolidate security collection ([#1159](#1159)) ([0fbd111](0fbd111))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: hve-core-release-please[bot] <254602402+hve-core-release-please[bot]@users.noreply.github.com>


Development

Successfully merging this pull request may close these issues.

Dependency review fails with license errors on docusaurus transitive dependencies

4 participants