Feature/osa package with ai tooling guards

[FrederickEngelhardt]

Description

• Adds a cli for osa which can be called via yarn osa combining osa-setup into this cli and allowing other apis like osa copilot audit-auto-approve
• adds osa copilot audit-auto-approve to prevent ais running wild and/or doing unchecked actions that could break an entire codebase.
• add setup documentation.

Type of Change

• 🐛 Bug fix (patch)
• ✨ New feature (minor)
• 💥 Breaking change (major)
• 📚 Documentation update
• 🔒 Security fix
• 🔧 Maintenance/Refactoring

Release Management

For automatic release on merge, add one of these labels:

• release:major - Breaking changes, incompatible API changes (bumps 1.x.x → 2.0.0)
• release:minor - New features, backwards-compatible (bumps x.1.x → x.2.0)

No label = No automatic release (manual release via GitHub Actions later)

Testing

• Tested on macOS
• Tested on Linux
• Tested on WSL
• Ran ./osa-cli.zsh --scan-secrets (if touching constructors)
• Ran tests: ./tests/run-tests.zsh

Checklist

• My code follows the zsh style of this project
• I have added #!/usr/bin/env zsh shebang to new scripts
• I have updated documentation (if applicable)
• No hardcoded secrets (use osa-secret-set instead)
• All files use .zsh extension (unless intentionally .sh for bash)
• I have added appropriate release label (release:major or release:minor)

Additional Context