unit-11: add markdown link check to CI

[sent-dm]

Summary

• Adds a link-check job to .github/workflows/validate-skills.yml that runs gaurav-nelson/github-action-markdown-link-check@v1 against skills/, references/, and root-level docs (README.md, CLAUDE.md, CONTRIBUTING.md, AGENTS.md, CODE_OF_CONDUCT.md).
• Expands workflow triggers to include references/**, root *.md, and .markdown-link-check.json so link-check runs whenever those change.
• Adds .markdown-link-check.json with conservative defaults: 20s timeout, retry on 429 (2 retries, 30s delay), and accept 200/206/301/302/308/403/405 as alive (403/405 covers hosts that reject HEAD requests).

Scope: ignore patterns explained

The config skips four rate-limited / bot-hostile hosts that frequently 429 or timeout in CI and would otherwise cause flaky failures:

• developers.facebook.com (Meta WABA docs — aggressive bot protection)
• developers.google.com (Google RBM / RCS docs — frequent 429s)
• business.facebook.com (Meta Business — gated, requires auth)
• www.campaignregistry.com (TCR — slow + flaky for bots)

These hosts are heavily linked from skills because the project domain (SMS/WhatsApp/RCS) inherently depends on their docs. Skipping them keeps CI green without sacrificing coverage of the long tail of broken links elsewhere.

Scope: paths not yet included

The unit spec mentioned evals/**/*.md and root plan.md, but neither exists on dev today. The action exit 2s on missing folder-path or file-path entries (verified by reading its entrypoint.sh), so they're omitted. Add when those land.

Test plan

• python3 -c "import yaml; yaml.safe_load(...)" parses workflow
• python3 -c "import json; json.load(...)" parses config
• bash scripts/validate-skills.sh still exits 0
• CI run on this PR shows the link-check job executing against current skills + references + root docs