
[codex] Add policy JSON Actions consumer example #52

Merged: stacknil merged 1 commit into main from codex/add-policy-json-actions-example on May 11, 2026

Conversation

@stacknil (Owner)

Brief Design Summary

This PR adds a docs/example-only GitHub Actions consumer workflow for --policy-json PATH.

The new checked-in example shows how a consumer repository can install sbom-diff-risk from the GitHub Release wheel, run a local policy-gated comparison, capture outputs/policy.json, upload the policy evidence even when local policy fails, and fail the job from summary.policy rather than inventing a second policy model.

This does not modify this repository's workflows. The new YAML lives under tools/sbom-diff-and-risk/examples/ as copyable consumer documentation only.

Files Changed

  • tools/sbom-diff-and-risk/examples/github-actions-policy-consumer.yml
  • tools/sbom-diff-and-risk/docs/github-actions-consumer-example.md
  • tools/sbom-diff-and-risk/docs/policy-decision-ci-cookbook.md
  • tools/sbom-diff-and-risk/README.md

Validation

  • Parsed the new example YAML with PyYAML.
  • Confirmed relative link targets exist.
  • Checked touched files for Unicode Cf/Cc control or format characters; no non-tab/newline matches found.
  • python -m pytest tests/test_cli_policy_json.py: 4 passed.
  • git diff --check: passed.
  • Confirmed package version remains 0.8.0.
  • Confirmed .github/workflows is unchanged.

Out of Scope

  • No runtime behavior changes
  • No CLI changes
  • No JSON schema changes
  • No repository workflow changes
  • No package version bump
  • No tag or GitHub Release
  • No PyPI/TestPyPI publishing
  • No production PyPI workflow
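A consumer workflow of the kind the PR describes, written here as an added illustration and not the checked-in example file from the PR; the release owner/repo/tag, the SBOM inputs and the expected value of summary.policy are assumptions (only --policy-json PATH and the outputs/policy.json location come from the PR description).

```yaml
name: sbom-policy-gate
on:
  pull_request:
jobs:
  policy-gate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      # ASSUMPTION: owner/repo, release tag and wheel pattern are placeholders.
      - name: Install sbom-diff-risk from the GitHub Release wheel
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh release download "<RELEASE_TAG>" --repo "<OWNER>/<REPO>" --pattern "*.whl" --dir wheel
          python -m pip install wheel/*.whl

      # ASSUMPTION: the SBOM inputs are placeholders; only --policy-json PATH
      # comes from the PR. continue-on-error lets the later steps run so that
      # the evidence is uploaded and the verdict is read from the JSON.
      - name: Run policy-gated comparison
        continue-on-error: true
        run: |
          mkdir -p outputs
          sbom-diff-risk <BASE_SBOM> <HEAD_SBOM> --policy-json outputs/policy.json

      - name: Upload policy evidence even when the local policy fails
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: policy-evidence
          path: outputs/policy.json
          if-no-files-found: error

      # The verdict is read from summary.policy in the captured JSON; the workflow does not re-evaluate a second policy of its own.
      - name: Fail the job from summary.policy
        env:
          PASS_VALUE: pass  # ASSUMPTION: check the tool's JSON schema for the real value
        run: |
          python - <<'EOF'
          import json, os, sys
          verdict = json.load(open("outputs/policy.json"))["summary"]["policy"]
          print(f"summary.policy = {verdict!r}")
          sys.exit(0 if verdict == os.environ["PASS_VALUE"] else 1)
          EOF
```

The upload step runs on every outcome so the policy evidence is retained for review even when the gate fails, and the final step is the only place the job turns red.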

@stacknil stacknil merged commit 8908971 into main May 11, 2026
5 checks passed
@stacknil stacknil deleted the codex/add-policy-json-actions-example branch May 11, 2026 00:48