ci: fix benchee/hex-audit required-check deadlock (pass-through shim) #146

Merged: hyperpolymath merged 1 commit into main from fix/required-check-deadlock-shim, Jun 14, 2026
@hyperpolymath (Owner)

Pass-through shim for `elixir-ci.yml` — fixes the required-check deadlock on the **`benchee scripts compile`** and **`hex audit`** jobs (same pattern as echidna#256).

## Why
`elixir-ci.yml` is path-filtered on `pull_request` (`elixir-orchestration/**`), but two of its jobs are **required** status checks. Any PR not touching `elixir-orchestration/` deadlocks — branch protection waits for runs that never happen.

## Fix
Drop the `pull_request` paths-filter so each job always runs (required checks always report); a `Detect relevant changes` step gates the heavy work to real `elixir-orchestration/` changes. `push` stays path-filtered (post-merge unchanged); job names preserved.

> Note: the `fuzz targets compile (…)` required contexts are NOT broken — they're matrix jobs in the always-run `rust-ci.yml`; the 2026-06-14 audit's "phantom" flag for them was a static-matcher false positive (verified). No change needed there.

Identified by the 2026-06-14 required-check deadlock audit (`dev-notes/audits/`).

🤖 Generated with [Claude Code](https://claude.com/claude-code)
@hyperpolymath hyperpolymath enabled auto-merge (squash) June 14, 2026 01:54
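
The shim pattern described in the PR body, as an added sketch (not the repository's actual `elixir-ci.yml`): the `pull_request` trigger carries no `paths:` filter, and the `Detect relevant changes` step decides whether the real work runs. The branch name, diff logic, toolchain versions and working directory are assumptions; the gate is written to fail closed, so the audit runs whenever the diff cannot be computed.

```yaml
# Added sketch of the pass-through shim; NOT the repository's elixir-ci.yml.
name: Elixir CI
on:
  push:
    branches: [main]
    paths: ["elixir-orchestration/**"]  # post-merge runs stay path-filtered
  pull_request:
    branches: [main]
    # No `paths:` here. With a path filter on this trigger, PRs outside
    # elixir-orchestration/ never start the workflow, so the required
    # "hex audit" context never reports and branch protection waits forever.

permissions:
  contents: read

jobs:
  hex-audit:
    name: hex audit  # required-check context name, kept unchanged
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history so base and head can be diffed
      - name: Detect relevant changes
        id: changes
        env:
          EVENT: ${{ github.event_name }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # Assumed logic. Fail closed: the work runs unless the diff
          # succeeds and shows no change under elixir-orchestration/.
          relevant=true
          if [ "$EVENT" = "pull_request" ] &&
             changed=$(git diff --name-only "$BASE_SHA...$HEAD_SHA"); then
            printf '%s\n' "$changed" | grep -q '^elixir-orchestration/' || relevant=false
          fi
          echo "relevant=$relevant" >> "$GITHUB_OUTPUT"
      - uses: erlef/setup-beam@v1
        if: steps.changes.outputs.relevant == 'true'
        with:
          elixir-version: "1.17"  # assumed versions
          otp-version: "27"
      - name: Run hex audit
        if: steps.changes.outputs.relevant == 'true'
        working-directory: elixir-orchestration  # assumed project location
        run: mix hex.audit
```

When the gate evaluates to `false`, the `hex audit` context reports success without the audit having run, so a green check on an unrelated PR means "not applicable", not "audited".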
@github-actions

🔍 Hypatia Security Scan

Findings: 137 issues detected

| Severity | Count |
|---|---|
| 🔴 Critical | 17 |
| 🟠 High | 54 |
| 🟡 Medium | 66 |

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "codeql_missing_actions_language",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Provenance.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (2 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/PlannerSemantic.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Planner.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (6 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Drift.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/WAL.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (2 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Normalizer.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "getExn on external data -- use pattern matching (1 occurrences, CWE-754)",
    "type": "getexn_on_external",
    "file": "/home/runner/work/verisimdb/verisimdb/src/registry/Registry.res",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath disabled auto-merge June 14, 2026 02:06
@hyperpolymath hyperpolymath merged commit d122ec3 into main Jun 14, 2026
40 of 41 checks passed
@hyperpolymath hyperpolymath deleted the fix/required-check-deadlock-shim branch June 14, 2026 02:06