[codex] Add example artifact regeneration check

[stacknil]

Brief Design Summary

This PR adds a local example artifact regeneration utility for sbom-diff-and-risk.

The new scripts/regenerate-example-artifacts.py script regenerates checked-in no-network JSON, Markdown, summary, and policy sidecar example artifacts through the public CLI. Its --check mode generates into a temporary directory and fails when checked-in examples are stale, which gives future example input changes and Dependabot bumps a deterministic maintenance path.

The PR also documents the regeneration workflow from the tool README and reviewer evidence pack.

Files Changed

• tools/sbom-diff-and-risk/scripts/regenerate-example-artifacts.py
• tools/sbom-diff-and-risk/tests/test_example_artifacts.py
• tools/sbom-diff-and-risk/docs/example-artifact-regeneration.md
• tools/sbom-diff-and-risk/README.md
• tools/sbom-diff-and-risk/docs/reviewer-evidence-pack.md

Tests Added/Updated

Added test coverage for:

• python scripts/regenerate-example-artifacts.py --check
• stale checked-in local example artifact detection through the script check path

Validation

cd tools/sbom-diff-and-risk
python scripts/regenerate-example-artifacts.py --check
python -m pytest
python -m build
$files = Get-ChildItem dist -File | ForEach-Object { $_.FullName }
python -m twine check $files
git diff --check

Results:

• example artifact check passed
• python -m pytest: 163 passed
• python -m build: passed, produced sbom_diff_and_risk-0.9.0 wheel and sdist
• python -m twine check: passed for wheel and sdist
• git diff --check: passed
• package version remains 0.9.0
• .github/workflows unchanged
• broad Unicode Cf/Cc scan found no non-tab/newline control or format characters in touched files

Out of Scope

• No runtime CLI behavior changes
• No report schema changes
• No example output content changes
• No workflow changes
• No package version bump
• No tag or GitHub Release
• No PyPI/TestPyPI publishing
• No production PyPI workflow