feat: add 3 new error entries (permissions-auth x1, runner-environment x2)

[htekdev]

New Error Entries

pa-123 — permissions-auth

Reusable workflow nested job requests higher permission than caller grants

• Source: actions/runner#4151
• Error: The nested job 'build' is requesting 'packages: write', but is only allowed 'packages: read'.
• Root cause: GitHub validates reusable workflow permissions at parse time — if: false and needs: conditions cannot guard against this structural check
• Fix: Elevate caller permission, omit the restrictive key, or split into separate reusable workflows

re-493 — runner-environment

Ubuntu runner toolcache Ruby gem directories world-writable — RubyGems insecure-removal error

• Source: actions/runner-images#13647
• Error: /opt/hostedtoolcache/Ruby/.../gems/... is world-writable and does not have the sticky bit set, making it insecure to remove due to potential vulnerabilities.
• Root cause: Ubuntu 24.04 image version 20260201.15.1 provisioned Ruby toolcache with 777 permissions; RubyGems/Bundler aborts on world-writable gem dirs
• Fix: chmod o-w workaround or use ruby/setup-ruby instead of toolcache

re-494 — runner-environment

dotnet dev-certs https --trust fails with EventSource ID mismatch on Ubuntu — exit code 4

• Source: actions/runner-images#13705
• Error: [0] ERROR: Exception in Command Processing for EventSource Dotnet-dev-certs: Event WslWindowsTrustSucceeded was assigned event ID 115 but 113 was passed to WriteEvent.
• Root cause: Ubuntu 24.04 image version 20260217.30.1 introduced an EventSource ID mismatch breaking dotnet dev-certs https --trust (exit code 4)
• Fix: Skip --trust on Linux with if: runner.os != 'Linux' guard; trust is unreliable in headless Linux CI