ci(workflows): retrigger security workflows after blacksmith routing changes

.github/workflows/sec-audit.yml

@@ -70,6 +70,7 @@ env:
     CARGO_TERM_COLOR: always
 
 jobs:
+    # Run all security lanes on the same Blacksmith-tagged Linux pool for consistent routing.
     audit:
         name: Security Audit
         runs-on: [self-hosted, Linux, X64, blacksmith-2vcpu-ubuntu-2404]

.github/workflows/sec-codeql.yml

@@ -61,6 +61,7 @@ jobs:
               shell: bash
               run: |
                   set -euo pipefail
+                  # Keep both lanes on the Blacksmith Linux pool to avoid provider-specific routing.
                   branch="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
                   if [[ "$branch" == release/* ]]; then
                     echo 'labels=["self-hosted","Linux","X64","blacksmith-2vcpu-ubuntu-2404"]' >> "$GITHUB_OUTPUT"