[Sync] Update project files from source repository (94662c9)

[mrz1836]

What Changed

• Updated MAGE_X_VERSION from v1.12.2 to v1.13.0 in .github/.env.base
• Replaced CVE exclusion examples with fake/placeholder CVE IDs (CVE-2024-38513,CVE-2023-45142 → CVE-9999-12345,CVE-9999-43210) in both NANCY_EXCLUDES and MAGE_X_CVE_EXCLUDES variables
• Updated CVE exclusion comments to clarify they are "fake examples" and enhanced usage documentation
• Increased GO_BROADCAST_AI_MAX_TOKENS from 2000 to 5000
• Added new commented-out configuration option GO_BROADCAST_DEBUG_DIFF_PATH=/tmp/debug-diff.txt for diff debugging
• Added explicit permissions: contents: read to the load-env job in three workflow files: dependabot-auto-merge.yml, stale-check.yml, and sync-labels.yml with documentation comment explaining it's required for sparse checkout

Why It Was Necessary

• Upgrading mage-x to v1.13.0 brings in latest features and fixes from the upstream release
• Using placeholder CVE IDs prevents confusion about actual vulnerabilities in documentation/examples
• Increasing AI token limit allows for processing larger diffs and generating more comprehensive responses
• Explicit permission declarations improve GitHub Actions security posture and make required access levels transparent

Testing Performed

• Verify workflow syntax is valid and jobs can access repository content with new permissions
• Confirm environment variable loading works with updated configuration values
• Test AI broadcast functionality respects the increased token limit
• Validate mage-x v1.13.0 integration with existing automation

Impact / Risk

• Breaking Change: None - configuration changes are backwards compatible
• Risk: Low - permission additions are explicit grants for already-used functionality (sparse checkout)
• Performance: Increased token limit may result in higher AI API costs but enables better output quality
• Migration: CVE exclusions now use fake examples; teams should replace with actual CVE IDs if needed

[github-actions]

Code Coverage Analysis

🟡 Overall Coverage: 82.0%
No Go files modified in this PR

Project coverage remains at 82.0% (3.0K/3.6K statements)

Changes: 4 config files

Coverage Metrics

Metric	Value	Grade	Trend
Percentage	82.0%	⭐ B	📊
Statements	3.0K/3.6K	⭐ B	No change
Quality Score	82/100	⭐ B	📈

Coverage Breakdown

████████████░░░ 82.0%

Resources

• 📊 PR Coverage Report
• 🏷️ PR Coverage Badge

---

Generated via go-coverage • 2025-12-23 20:11:18 UTC