workflow: wire agent policy coverage check into static-checks

Add a check-agent-policy-coverage job to static-checks.yaml
that runs ci/check_agent_policy_coverage.sh on every pull request.

Generated-By: IBM Bob
Signed-off-by: stevenhorsman <steven@uk.ibm.com>

.github/workflows/static-checks.yaml

@@ -296,3 +296,17 @@ jobs:
 
           echo "::error::Go modules are not up-to-date (see Github step summary for diff)."
           exit 1
+
+  check-agent-policy-coverage:
+    name: check-agent-policy-coverage
+    needs: skipper
+    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Check agent policy coverage
+        run: bash ci/check_agent_policy_coverage.sh

tools/testing/gatekeeper/required-tests.yaml

@@ -139,6 +139,7 @@ mapping:
       - Static checks / build-checks / check (sudo -E PATH="$PATH" make test, runtime, src/runtime, golang, XDG_RUNTIME_DIR, ubuntu-22.04)
       - Static checks / build-checks / check (sudo -E PATH="$PATH" make test, trace-forwarder, src/tools/trace-forwarder, rust, ubuntu-2...
       - Static checks / build-checks-depending-on-kvm (runtime-rs)
+      - Static checks / check-agent-policy-coverage
       - Static checks / check-kernel-config-version
       - Static checks / codegen
       - Static checks / static-checks (make static-checks)