Clarify Test Quality Sentinel safe-output comment invocation to prevent Copilot engine permission failures (#39867)

* Initial plan

* chore: plan fix for tqs safe-output usage

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

* Clarify TQS add-comment safe-output usage

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: Peli de Halleux <pelikhan@users.noreply.github.com>

Author: Copilot

.github/workflows/test-quality-sentinel.lock.yml

@@ -272,7 +272,15 @@ Guideline violations always trigger `REQUEST_CHANGES` regardless of the quality
 
 ## Step 7: Post PR Comment with Results
 
-Post a comment to the pull request with the full analysis using `add-comment`. Use the `tqs-report-template` skill for the exact comment format.
+Post a comment to the pull request with the full analysis using the `add-comment` safe-output tool (tool call, not shell). Use the `tqs-report-template` skill for the exact comment format.
+
+Use this shape:
+
+```json
+{"add_comment":{"body":"<full markdown report>"}}
+```
+
+Do **not** invoke `safeoutputs` from bash, and do **not** set `item_number` for this step. Let `add_comment` auto-target the triggering pull request.
 
 ## Step 8: Submit PR Review Based on Result