test: add tier-11 scenarios and CI validation

[davidahmann]

Problem

The repo lacked a deterministic scenario-fixture lane that validates higher-risk Gate and artifact behaviors in a reusable, CI-enforced way.

Changes

• add internal/scenarios scenario execution + fixture validation tests
• add Tier 1.1 scenario fixtures under scenarios/gait/*
• add helper scripts: scripts/run_scenarios.sh and scripts/validate_scenarios.sh
• wire scenario checks into CI and fast-PR workflows
• update Makefile, go.mod, go.sum, and CODEOWNERS for scenario coverage and ownership

Validation

• gait doctor --json (pass)
• make prepush-full (pass, includes lint/vet/gosec/govulncheck/tests/coverage/codeql)
• pre-push hook make prepush during git push (pass)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1e90375ed9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Stop invoking Fatalf-capable helper from worker goroutines

runConcurrentScenario calls runCommand inside spawned goroutines, and runCommand calls t.Fatalf on non-exit execution errors. In Go tests, Fatalf/FailNow must run on the main test goroutine; when a command cannot be started (for example, bad binary path/permissions or OS exec failure), this can trigger FailNow from a worker goroutine and produce unstable failures instead of a clean per-run error report. Return this path as an error through errCh rather than calling t.Fatalf from the helper used concurrently.

Useful? React with 👍 / 👎.