chore(workflow): add SDK parity dispatch workflow

[salihdev0]

• Introduced a new GitHub Actions workflow for SDK parity dispatch.
• Triggers on push and pull request events for changes in the src directory and package.json.
• Utilizes a reusable workflow from the tapsilat/tapsilat-sdk-parity repository.
• Inherits secrets for secure access during execution.

[Copilot]

Pull request overview

Adds a new GitHub Actions workflow that dispatches an SDK parity check by invoking a reusable workflow from tapsilat/tapsilat-sdk-parity, scoped to changes in src/** and package.json.

Changes:

• Introduced SDK Parity Dispatch workflow triggered on push, pull_request, and manual workflow_dispatch.
• Configured path filters to run only when src/** or package.json changes.
• Delegated execution to an external reusable workflow and inherited caller secrets.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The reusable workflow reference is pinned to @main, which is mutable. Since this job also inherits secrets, upstream changes on main could unexpectedly change behavior or exfiltrate secrets. Pin the reusable workflow to an immutable ref (a commit SHA or a version tag) and update it intentionally when needed.

[Copilot]

secrets: inherit passes all repository/environment secrets to the called workflow. Given this calls a reusable workflow from a different repository, this is a broad secret exposure surface. Prefer explicitly passing only the specific secrets the reusable workflow needs (or avoid secrets entirely if possible).

[Copilot]

This workflow doesn’t declare explicit permissions. When invoking external reusable workflows (especially alongside secret usage), it’s safer to set least-privilege permissions for GITHUB_TOKEN (for example contents: read and only additional scopes if required).