ci: drop dependabot-commit-dist workflow handoff

Avoid Code Scanning alert for newly added workflow. To be
revisited in future work.

Removes the workflow_run-based handoff that rebuilt and pushed
'server/dist/**' back to Dependabot PR branches, along with the
upload-artifact step and Dependabot-specific dirty-tree guard in
'build-server.yml' that fed it.

- Delete '.github/workflows/dependabot-commit-dist.yml'
- Remove 'server-dist' upload-artifact step from build-server.yml
- Drop 'if: github.actor != dependabot[bot]' on the dirty-tree
  check so it now fails loudly for all PRs, including Dependabot

Author: data-douser

.github/workflows/build-server.yml

@@ -54,21 +54,7 @@ jobs:
       - name: Build Server - Bundle application
         run: npm run bundle
 
-      ## Consumed by dependabot-commit-dist.yml via workflow_run.
-      - name: Build Server - Upload server/dist artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: server-dist
-          path: |
-            server/dist/codeql-development-mcp-server.js
-            server/dist/codeql-development-mcp-server.js.map
-          if-no-files-found: error
-          retention-days: 7
-
-      ## Skipped for Dependabot PRs: dependabot-commit-dist.yml will push the
-      ## rebuilt 'server/dist' back to the PR branch.
       - name: Build Server - Check for uncommitted changes
-        if: github.actor != 'dependabot[bot]'
         run: |
           if [ -n "$(git status --porcelain)" ]; then
             echo "❌ Uncommitted changes detected after build:"