config: require Format/Clippy/Test as org-wide branch-protection floor #57

Merged
avrabe merged 3 commits into main from smithy-defaults
May 10, 2026

Conversation

avrabe (Contributor) commented May 3, 2026

Why: every active pulseengine Rust repo runs Format, Clippy, and Test
under those exact job names. The previous empty `contexts: []` meant
temper applied branch protection but didn't require any specific
status checks — so brand-new repos and repos that hadn't been
touched at the API level had unprotected merges.

What: add the three universal Rust check names to
`branch_protection.default.required_status_checks.contexts`. Repos
with richer smithy patterns (spar, gale, sigil — Cargo Deny,
Mutation Testing, etc.) keep their extras at the repo level via
direct API; this list is the additive minimum, not an exclusive set.

Test plan:

  • YAML parses cleanly (python yaml.safe_load).
  • npm test → 834 pass (unchanged; integration tests use inline
    config fixtures, not config.yml).
  • After merge: temper's scheduled sweep re-applies branch protection
    across all 27 pulseengine repos within the next sweep window.

Out of scope: org-level Actions fork-PR-approval policy and
allowed-actions allowlist (UI-only today; tracked as a follow-up
feature request "feat: manage org-level Actions fork-PR-approval
policy and allowed-actions allowlist via config.yml").

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Adds the safety warning from a parallel duplicate PR (#58, closing
in favour of this one). The risk is concrete: any context added to
this list that not every repo's CI defines will leave those repos
stuck unable to merge. Keep the list universal-only.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Audit during smithy migration rollout (2026-05-10) found that
several pulseengine repos don't define Format/Clippy/Test under
those exact names: rules_lean (only verify-rules + build),
pulseengine.eu (web build), .github (community files),
rules_rocq_rust (mostly Bazel), wasm-component-examples,
moonbit_checksum_updater, and a couple of MCP-server templates.

Setting Format/Clippy/Test as required contexts org-wide via
Temper would leave all those repos permanently unable to merge
PRs (the required check would never appear because the workflow
doesn't define it).

Reverting contexts back to [] keeps the org-wide protection
benefits — strict, signed-commits, no force push, no deletion,
enforce_admins — without the small-repo trap. Per-repo can add
specific required checks via direct API; smithy already does this
on spar's main branch (13-context full smithy migration set).

If we want a real org floor later, the right vehicle is shipping
a starter workflow via pulseengine/.github that emits the
expected check names everywhere.

avrabe merged commit 0c03991 into main May 10, 2026
3 checks passed
avrabe deleted the smithy-defaults branch May 10, 2026 11:30
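
The audit described in the last commit message can be run as a pre-flight gate before a required-contexts floor reaches every repo. The sketch below is an added example, not part of this pull request or of temper's code; the function names are hypothetical, and the inventory is constructed (repo names come from the thread, the check lists are illustrative assumptions).

```javascript
// Added example (not temper's code): audit a proposed org-wide floor of
// required status-check contexts before it is applied to every repo.
// Constructed inventory: repo -> check names its CI reports. Repo names are
// from the thread; the check lists are illustrative assumptions.
const observedChecks = {
  spar: ["Format", "Clippy", "Test", "Cargo Deny", "Mutation Testing"],
  gale: ["Format", "Clippy", "Test", "Cargo Deny"],
  rules_lean: ["verify-rules", "build"],
  "pulseengine.eu": ["build"],
  ".github": [],
};

// A required context is satisfied only by a check reported under the same
// name; names are compared as exact strings here.
function missingContexts(required, reported) {
  const have = new Set(reported);
  return required.filter((ctx) => !have.has(ctx));
}

// Repos where at least one required context is never reported. Their pull
// requests would wait on that check indefinitely and could not merge.
function blockedRepos(required, inventory) {
  const blocked = {};
  for (const [repo, reported] of Object.entries(inventory)) {
    const missing = missingContexts(required, reported);
    if (missing.length > 0) blocked[repo] = missing;
  }
  return blocked;
}

// Largest floor that is safe everywhere: the intersection of every repo's
// reported checks. One repo with no CI makes this the empty list.
function universalFloor(inventory) {
  const lists = Object.values(inventory);
  if (lists.length === 0) return [];
  return lists[0].filter((ctx) => lists.every((l) => l.includes(ctx)));
}

// Gate for a config change: reject a floor that would strand any repo.
function validateFloor(required, inventory) {
  const blocked = blockedRepos(required, inventory);
  return { ok: Object.keys(blocked).length === 0, blocked };
}

console.log(validateFloor(["Format", "Clippy", "Test"], observedChecks));
```

With this inventory the Format/Clippy/Test floor is rejected and the only universally safe floor is the empty list, which is the state the revert restores.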