refactor(ts#project): improve GritQL pattern scoping and idempotency

[nx-plugin-for-aws]

Reason for this change

Several GritQL AST transformation patterns across generators lacked idempotency guards, meaning they could produce duplicate code if run multiple times on the same file. Additionally, some generators used a matchGritQL + applyGritQL two-step pattern where a single idempotent applyGritQL call with a where clause would be simpler and more consistent with patterns used elsewhere in the codebase.

Description of changes

Idempotency guards added to inline GritQL patterns:

• connection/serve-local.ts — prevents duplicate runtimeConfig.apis.* lines via $stmts <: not contains
• ts/strands-agent/react-connection/serve-local.ts — prevents duplicate runtimeConfig.agentRuntimes.* lines
• ts/nx-generator/generator.ts — prevents duplicate sidebar entries in docs config

Consolidated matchGritQL + applyGritQL into single idempotent applyGritQL:

• utils/shared-shadcn.ts — ESLint rule addition now uses $items <: not contains guard instead of a separate matchGritQL check
• utils/connection/open-api/react.ts — QueryClientProvider and API provider wrapping use $program <: not contains instead of a separate matchGritQL check
• trpc/react/generator.ts — QueryClientProvider and tRPC provider wrapping (same pattern)
• ts/strands-agent/react-connection/generator.ts — QueryClientProvider and agent provider wrapping (same pattern)

These consolidations follow the same pattern already used in cognito-auth-wrapper.grit ($program <: not contains), making the codebase more consistent.

Note: The cognito-auth .grit files (none-auth-menu.grit, cloudscape-auth-menu.grit, shadcn-auth-menu.grit, shadcn-state-declarations.grit) were intentionally left without pattern-level idempotency guards. The cognito-auth generator already prevents re-running at a higher level, and adding where guards to these patterns interfered with GritQL's evaluation of nested contains-rewrite expressions.

Description of how you validated changes

• All 1602 unit tests pass
• Build succeeds
• Lint passes

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.48%. Comparing base (1afceb6) to head (c9bbee2).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #550      +/-   ##
==========================================
+ Coverage   89.35%   89.48%   +0.12%     
==========================================
  Files          94       94              
  Lines        3166     3157       -9     
  Branches      701      694       -7     
==========================================
- Hits         2829     2825       -4     
+ Misses        156      155       -1     
+ Partials      181      177       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.