ci: add NuGet cache and grant Repo Assist workflows write permission

[Copilot]

Repo Assist couldn't push its CI improvement (NuGet caching) because it lacked workflows: write permission, causing it to fall back to an issue instead of a PR. This applies the caching change directly and unblocks future workflow-file PRs from Repo Assist.

Changes

• dotnet.yml — adds actions/cache@v4 step between Setup .NET and Restore, keyed on **/*.csproj hash with OS-prefixed restore-key fallback:

  - name: Cache NuGet packages
    uses: actions/cache@v4
    with:
      path: ~/.nuget/packages
      key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
      restore-keys: |
        ${{ runner.os }}-nuget-

  Saves ~30–60 s per matrix leg (×3 for net8/9/10) on cache hits.

• repo-assist.lock.yml — adds workflows: write to the safe_outputs job permissions so GITHUB_TOKEN can push to .github/workflows/ files.

• repo-assist.md — changes protected-files: fallback-to-issue → protected-files: none for both create-pull-request and push-to-pull-request-branch; takes effect on next gh aw compile.

[Copilot]

⚠️ Not ready to approve

.github/workflows/repo-assist.lock.yml adds an unsupported permissions: workflows: write entry that is likely to break workflow validation or have no effect.

Pull request overview

This PR updates the repository’s GitHub Actions automation to speed up .NET CI runs via NuGet package caching, and to adjust Repo Assist’s ability to generate PRs that touch workflow files.

Changes:

• Add actions/cache@v4 caching for ~/.nuget/packages in .github/workflows/dotnet.yml.
• Update Repo Assist config to allow modifying previously “protected” files by setting protected-files: none.
• Attempt to grant Repo Assist additional workflow-file write capability via permissions changes in repo-assist.lock.yml.

File summaries

File	Description
.github/workflows/dotnet.yml	Adds a NuGet packages cache step to reduce restore time across matrix legs.
.github/workflows/repo-assist.lock.yml	Modifies safe_outputs job token permissions (currently includes an unsupported workflows: write).
.github/workflows/repo-assist.md	Removes protected-file guardrails for Repo Assist PR creation and branch pushes.

Copilot's findings

• Files reviewed: 3/3 changed files
• Comments generated: 3

Note

Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.