Add guard policy, Node 24 opt-in, and safe output max

- Add tools.github.min-integrity: approved for content guard policy
- Add pull-requests: read permission (required by default toolsets)
- Add FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true env var to opt into
  Node 24 early and suppress the Node 20 deprecation warning
- Add max: 1 to create-issue safe output for explicit limit

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jeffhandley

.github/workflows/sdk-tier-audit.lock.yml

@@ -4,15 +4,26 @@ description: "SDK Tier Audit"
 permissions:
   contents: read
   issues: read
+  pull-requests: read
 
 safe-outputs:
   create-issue:
     title-prefix: "[C# SDK Tier Audit] "
     labels: [automation]
     close-older-issues: true
+    max: 1
+  noop:
+    report-as-issue: false
+
+tools:
+  github:
+    min-integrity: approved
 
 if: github.repository_owner == 'modelcontextprotocol' || github.event_name == 'workflow_dispatch'
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 concurrency:
   group: tier-audit-${{ github.event.inputs.scope || 'Conformance + Repo Health' }}
   cancel-in-progress: true