chore: prepare for v2.0.0 (#405)

## Summary

This PR prepares `supabase/setup-cli` for `v2.0.0`.

The main goal of this release is to simplify the action and modernize
the repo/tooling around a Bun-based implementation, while tightening
workflows, tests, and documentation.

## What Changed

### Action runtime
- switched the action from a Node/compiled `dist` runtime to a Bun-based
composite action
- removed the checked-in `dist/` output entirely
- simplified the action source down to a single runtime file in
`src/main.ts`
- kept the public action interface the same:
  - `with.version`
  - `outputs.version`

### Tooling
- switched package management and local tooling from npm to Bun
- removed Rollup and the build step
- replaced Jest with Bun’s native test runner
- replaced Prettier with `oxfmt`
- replaced ESLint with `oxlint`
- enabled type-aware/type-check linting with `oxlint-tsgolint`
- simplified TypeScript config to a single `tsconfig.json` extending
`@tsconfig/bun`

### Tests
- moved tests next to the runtime source
- rewrote tests to focus on meaningful user-facing action behavior
- added coverage for:
  - default entrypoint execution
  - latest version installs
  - legacy version installs
  - modern pinned version installs
  - failure when the installed CLI cannot report a version
- action code coverage is now `100%`

### Workflows
- renamed workflow files for clarity:
  - `test.yml` -> `ci.yml`
  - `start.yml` -> `e2e.yml`
- updated workflow/job naming so required checks are clean and stable:
  - `CI`
  - `E2E`
  - `CodeQL`
  - `Licensed`
- added aggregate PR-facing checks so branch protection does not need
matrix legs
- made CI and E2E skip heavy jobs on draft PRs
- made E2E run automatically on ready PRs and new commits
- simplified CodeQL config by removing the separate config file
- updated action pins to current releases using commit SHAs
- refined Dependabot for Bun-era updates and non-major auto-merge

### Docs
- refreshed `README.md` and `docs/index.md` for the new v2 behavior
- updated examples to use `@v2`
- added a practical example for exporting local Supabase env vars after
`supabase start`
- removed stale references to old local/dev flows

## Breaking / Notable Changes

- the action now runs as a Bun-based composite action instead of a
prebuilt JavaScript action
- no checked-in `dist/` artifacts anymore
- self-hosted runners now need the prerequisites expected by the
composite action path:
  - `bash`
- network access to install Bun/dependencies and download the Supabase
CLI

## Validation

Verified locally with:
- `bun run format:check`
- `bun run lint`
- `bun test`
- `bun run ci`

Also updated workflows and branch-protection-friendly check names so PR
validation is cleaner going forward.

## Follow-up

After merge, branch protection should require only:
- `CI`
- `E2E`
- `CodeQL`
- `Licensed`

---------

Co-authored-by: licensed-ci <licensed-ci@users.noreply.github.com>

tsconfig.json

@@ -1,11 +1,4 @@
 {
-  "$schema": "https://json.schemastore.org/tsconfig",
-  "extends": "./tsconfig.base.json",
-  "compilerOptions": {
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "outDir": "./dist"
-  },
-  "exclude": ["__fixtures__", "__tests__", "coverage", "dist", "node_modules"],
+  "extends": "@tsconfig/bun/tsconfig.json",
   "include": ["src"]
 }