feat: add dependabot-analyzer plugin #37

Open
emma-praxis wants to merge 1 commit into main from worktree-dependabot-analyzer-plugin

@emma-praxis
Collaborator

Summary

  • Adds a new dependabot-analyzer plugin that automates Dependabot PR triage
  • Fans out parallel sub-agents (one per PR) to assess upgrade risk, auto-merges safe patches, diagnoses CI failures, and creates issues for PRs needing human review
  • Supports both GitHub Issues and Linear for issue tracking, with per-project config via .claude/dependabot-analyzer.json

Plugin Structure

plugins/dependabot-analyzer/
├── .claude-plugin/plugin.json
├── README.md
└── skills/dependabot-analyzer/
    ├── SKILL.md                         # 5-phase workflow
    ├── scripts/discover-prs.sh          # PR discovery via gh CLI
    ├── scripts/check-dep-health.sh      # Package registry health checks
    ├── references/risk-model.md         # 7-factor scoring rubric (0-100)
    ├── references/ci-diagnosis-guide.md # Failure classification + fix protocol
    ├── assets/report-template.md        # Consolidated analysis report
    ├── assets/github-issue-template.md  # Issue body template
    └── assets/config-schema.json        # JSON Schema for user config

Key Design Decisions

  • One agent per PR (not per risk factor) — cross-cutting analysis requires full PR context
  • Read-only Phase 2, isolated Phase 3 — analysis agents never modify files; CI fix agents use worktree isolation
  • Sequential CI fixes — prevents branch conflicts between related dependency updates
  • Issue deduplication — checks for existing open issues before creating new ones (safe for scheduled runs)
  • No built-in scheduling — relies on Claude Code's native /schedule command

Test plan

  • plugin.json validates as valid JSON
  • marketplace.json validates as valid JSON with new entry
  • config-schema.json validates as valid JSON Schema
  • SKILL.md frontmatter passes quick_validate.py
  • End-to-end: install plugin, run on a repo with open Dependabot PRs
  • Config edge cases: no config file (defaults), Linear config, exclude_packages

Automated Dependabot PR triage that fans out parallel agents to assess
upgrade risk, auto-merges safe patches, diagnoses CI failures, and
creates issues for PRs needing human attention.

- 5-phase SKILL.md: config/discovery → parallel analysis → actions → report → follow-up
- Risk scoring model (0-100) across 7 factors with override rules
- CI failure diagnosis guide with 3 categories and fix protocol
- Discovery and health-check bash scripts using gh CLI + package registry APIs
- GitHub Issues and Linear support for issue creation
- Issue deduplication for scheduled runs
- Per-project config via .claude/dependabot-analyzer.json
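
A fail-closed gate of the kind that "auto-merges safe patches" implies, added here as an example and not the plugin's own code. The PR dict fields, the decision strings, the 0.x rule, and treating `exclude_packages` as a list of package names that always require review are assumptions.

```python
import re

# Strict MAJOR.MINOR.PATCH only; pre-release or build suffixes fail closed.
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")
TRUSTED_AUTHOR = "dependabot[bot]"  # bot login as the GitHub REST API reports it


def bump_kind(old, new):
    """Classify a version change; None when it is not provably an upgrade."""
    a, b = SEMVER.match(old or ""), SEMVER.match(new or "")
    if not (a and b):
        return None
    o = tuple(int(x) for x in a.groups())
    n = tuple(int(x) for x in b.groups())
    if n <= o:
        return None  # downgrade or no-op
    if n[0] != o[0]:
        return "major"
    return "minor" if n[1] != o[1] else "patch"


def triage(pr, config=None):
    """Return (decision, reasons); any failed check routes the PR to a human."""
    excluded = (config or {}).get("exclude_packages", [])  # assumed semantics
    reasons = []
    if pr.get("author") != TRUSTED_AUTHOR:
        reasons.append("author is not the Dependabot bot")
    if pr.get("package") in excluded:
        reasons.append("package is in exclude_packages")
    kind = bump_kind(pr.get("from"), pr.get("to"))
    if kind != "patch":
        reasons.append(f"bump is {kind or 'unparseable'}, not patch")
    elif SEMVER.match(pr["from"]).group(1) == "0":
        reasons.append("0.x release: patch bumps may still break")
    if pr.get("ci") != "success":
        reasons.append("CI is not green")
    return ("needs-review" if reasons else "auto-merge"), reasons


# Constructed sample PRs (not taken from any real repository).
SAMPLE_PRS = [
    {"author": "dependabot[bot]", "package": "lodash", "from": "4.17.20", "to": "4.17.21", "ci": "success"},
    {"author": "dependabot[bot]", "package": "express", "from": "4.18.2", "to": "5.0.0", "ci": "success"},
    {"author": "someone-else", "package": "lodash", "from": "4.17.20", "to": "4.17.21", "ci": "success"},
    {"author": "dependabot[bot]", "package": "left-pad", "from": "1.2.0", "to": "1.2.1-rc.1", "ci": "success"},
]

if __name__ == "__main__":
    for pr in SAMPLE_PRS:
        print(pr["package"], pr["to"], *triage(pr, {"exclude_packages": ["express"]}))
```

Every check appends a reason instead of returning early, so the issue opened for a blocked PR can list all the grounds for human review at once.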