Add canonical code index generator, tests, and governance validation/repair enhancements

[CAM-Initiative]

Motivation

• Provide a deterministic generator for the repository's canonical code registry and surface machine-readable outputs under .github/Indices for downstream consumers.
• Harden amendment-ledger and section-reference validation to surface malformed rows and short/ambiguous document references as actionable failures.
• Add deterministic repair tooling to perform safe, constrained fixes for common, automatable validation failures.

Description

• Add .github/scripts/build-canonical-code-index.py which scans Governance/*.md canonical declaration tables and emits .github/Indices/canonical-code-index.md and .github/Indices/canonical-code-index.json and a --check mode that validates duplicates and conflicts.
• Commit generated index outputs: .github/Indices/canonical-code-index.md and .github/Indices/canonical-code-index.json.
• Enhance lint_amendment_ledger.py to detect and report malformed amendment-ledger rows with line numbers, normalize historical blank hashes deterministically, and produce clearer failure messages.
• Add repair_governance_validations.py to attempt safe, deterministic repairs for short-document refs, missing sections (when uniquely resolvable), and malformed amendment-ledger rows; unresolved items are recorded in a report.
• Update validate_markdown_section_refs.py to treat short/ambiguous instrument references as blocking fail_short_document_reference, emit TSV report when --report-file is supplied, and optionally write a GitHub step summary.
• Wire the new generator and validation/reporting into CI and documentation by updating .github/workflows/governance-rebuild.yml, .github/workflows/Workflows.md, and maintainer docs in .github/scripts/Maintainer.md.
• Add unit tests for the new and changed validators and repair tooling under .github/scripts/tests/ including test_build_canonical_code_index.py, test_repair_governance_validations.py, and updates to ledger/section-ref tests to reflect stricter failure modes.

Testing

• Ran the canonical index builder in check mode with python .github/scripts/build-canonical-code-index.py --root Governance --check against sample governance fixtures and observed no blocking errors.
• Executed the new unit test suite with python -m pytest .github/scripts/tests, including test_build_canonical_code_index.py, test_repair_governance_validations.py, and updated test_lint_amendment_ledger_sha_policy.py, and the tests passed.
• Ran section-reference validator with report generation using python .github/scripts/validate_markdown_section_refs.py --root Governance --report-file validation-reports/section-reference-report.tsv to verify TSV output and GitHub step-summary writing in CI integration.

---

Codex Task