ci: Enforce PR labels for breaking changes and auditability (#169)

## Summary
- Add GitHub Action workflow to enforce required labels on pull requests
- Ensure PRs are properly categorized for breaking changes and audit
requirements
- Validate breaking change documentation when breaking label is present

## Details

This PR introduces a new GitHub Actions workflow
(`enforce-pr-labels.yml`) that runs on all pull request events to
enforce proper labeling standards:

### Label Requirements

1. **Noteworthiness labels** (one required):
   - `B0-silent` - No client/runtime impact
   - `B5-clientnoteworthy` - Client-facing changes
   - `B7-runtimenoteworthy` - Runtime changes

2. **Breaking change labels** (required when noteworthy):
   - `breaking` - Contains breaking changes
   - `not-breaking` - No breaking changes
   
3. **Auditability labels** (one required):
   - `D1-audited👍` - Already audited
   - `D5-nicetohaveaudit⚠️` - Audit would be beneficial
   - `D9-needsaudit👮` - Requires audit
   - `D2-notlive` - Not for production
   - `D3-trivial` - Trivial change

### Validation

When a PR is marked with the `breaking` label, the workflow validates
that the PR description contains a "## ⚠️ Breaking Changes ⚠️" section
to ensure breaking changes are properly documented.

🤖 Generated with [Claude Code](https://claude.ai/code)

.github/workflows/enforce-pr-labels.yml

@@ -0,0 +1,56 @@
+name: Enforce PR labels
+
+on:
+  pull_request:
+    types: [labeled, unlabeled, opened, edited, synchronize]
+jobs:
+  enforce-noteworthiness-label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: yogevbd/enforce-label-action@2.2.2
+        with:
+          REQUIRED_LABELS_ANY: "B0-silent,B5-clientnoteworthy,B7-runtimenoteworthy"
+          REQUIRED_LABELS_ALL: ""
+          BANNED_LABELS: ""
+      - name: Verify breaking changes label
+        if: contains(github.event.pull_request.labels.*.name, 'B5-clientnoteworthy') || contains(github.event.pull_request.labels.*.name, 'B7-runtimenoteworthy')
+        uses: yogevbd/enforce-label-action@2.2.2
+        with:
+          REQUIRED_LABELS_ANY: "breaking,not-breaking"
+          REQUIRED_LABELS_ALL: ""
+          BANNED_LABELS: ""
+  enforce-auditability-label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: yogevbd/enforce-label-action@2.2.2
+        with:
+          REQUIRED_LABELS_ANY: "D1-audited👍,D5-nicetohaveaudit⚠️,D9-needsaudit👮,D2-notlive,D3-trivial"
+          REQUIRED_LABELS_ALL: ""
+          BANNED_LABELS: ""
+  validate-breaking-description:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR for "breaking" label and description
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
+          PR_LABELS: ${{ toJson(github.event.pull_request.labels) }}
+        run: |
+          echo "Pull Request Labels: $PR_LABELS"
+          echo "Pull Request Body: $PR_BODY"
+
+          # Check if "breaking" label is set
+          if echo "$PR_LABELS" | grep -q '"breaking"'; then
+            echo "Label 'breaking' is present. Checking description..."
+            if echo "$PR_BODY" | grep -qi "## ⚠️ Breaking Changes ⚠️"; then
+              echo "✅ Description contains the required phrase."
+            else
+              echo "❌ Description does not contain the required phrase '## ⚠️ Breaking Changes ⚠️'."
+              exit 1
+            fi
+          else
+            echo "Label 'breaking' is not present. No validation needed."
+          fi