Reframe auth.md as Anthropic's documented path + widen weekly-research network allowlist

auth.md: OAuth via claude setup-token → CLAUDE_CODE_OAUTH_TOKEN in the
official CLI is documented/permitted by Anthropic (per their GitHub
Actions docs and Feb 2026 ToS). The post-compile tweak circumvents
gh-aw's sandbox proxy, not Anthropic policy — separate those concerns
in the framing and in the upstream-trajectory section.

weekly-research: allow the 9 domains the last run was blocked on
(news.ycombinator.com, hn.algolia.com, code.claude.com,
platform.claude.com, support.claude.com, and 4 others) so next run
has fuller coverage. Recompiled and OAuth tweak reapplied (grep
counts 2/9 ✓).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: verkyyi

.github/workflows/weekly-research.lock.yml

@@ -13,7 +13,18 @@ on:
 
 permissions: read-all
 
-network: defaults
+network:
+  allowed:
+    - defaults
+    - "autonomee.ai"
+    - "code.claude.com"
+    - "grll.bearblog.dev"
+    - "hn.algolia.com"
+    - "kissapi.ai"
+    - "news.ycombinator.com"
+    - "platform.claude.com"
+    - "support.claude.com"
+    - "wain.blog"
 
 safe-outputs:
   create-discussion: