feat: sonarscanner-dotnet

[aahmed-dfe]

Context

Introduce a reusable GitHub composite action for running SonarCloud analysis on .NET applications.

This replaces the need for each repository to configure SonarScanner setup, SDK handling, Java setup, and begin/build/end wrapping individually.

As EducationProviderRegistry has 3 repositories that will use Sonar, this seemed a good time to do this. We have a working example on GetInformationAboutPupils.

There are many dotnet projects that consume the cli scanner in DFE-Digital

Changes proposed in this pull request

## Example consumer

- name: SonarCloud scan
  uses: DFE-Digital/github-actions/sonarscan-dotnet@main
  with:
    sonarcloud-project-key: your_project_key
    sonarcloud-token: ${{ secrets.SONAR_TOKEN }}
    coverage-report-path: merged-coverage-reports/SonarQube.xml

Guidance to review

Example consumer on GIAP

• PR
• Action

After merging

[] Adopt across other projects
[] Java17 deprecation warning from July 26...

Checklist

• I have performed a self-review of my code, including formatting and typos
• I have cleaned the commit history
• I have added the Devops label
• I have attached the pull request to the trello card

[nomankhans21]

Worth checking if we can add ::add-mask:: for the token as a precaution, consistent with how other actions in this repo handle secrets e.g. fix-airbyte-lsn.

[aahmed-dfe]

@nomankhans21 thanks - applied feedback.

I've also tested this in a consumer https://github.com/DFE-Digital/get-information-about-pupils/actions/runs/27014377030/job/80368374795

[aahmed-dfe]

It might be worth documenting recommended patterns in a CODING_STANDARDS or equivalent for future actions?