fix: scanner workflows now check closed issues with state_reason-aware dedup (#2740)

* fix: scanner workflows now check closed issues to prevent re-filing

Update dedup logic in refactoring-scanner, export-audit, and
duplicate-code-detector to search both open AND closed issues before
filing new ones. Previously they only checked open issues, so findings
that were triaged and closed as 'not planned' would be re-filed on the
next scheduled run.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: refine scanner dedup guidance for closed issue handling

* fix: align scanner dedup rules with GitHub state_reason semantics

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

Author: 3 people

.github/workflows/duplicate-code-detector.lock.yml

@@ -152,11 +152,12 @@ cat containers/api-proxy/proxy-utils.js 2>/dev/null | head -60
 
 ## Phase 5: Check for Existing Issues
 
-Before filing new issues, check what's already been reported:
+Before filing new issues, check BOTH open AND closed issues:
 
-1. Search for open issues with `[Duplicate Code]` prefix using the GitHub toolset
-2. Also search for issues with labels `code-quality` or `refactoring` that describe duplication
+1. Search for issues with `[Duplicate Code]` prefix using the GitHub toolset with `state: all` (or equivalent `is:open` + `is:closed`)
+2. Also search for issues with labels `code-quality` or `refactoring` that describe duplication using `state: all` (or equivalent `is:open` + `is:closed`)
 3. Skip any finding that already has an open tracking issue
+4. For matching closed issues, check the GitHub `state_reason`: **auto-skip only when `state_reason` is `not_planned`** (often shown as "won't fix" / "not planned"). If `state_reason` is `completed` and the finding still reproduces, reopen the prior issue or file a new one with fresh evidence and a link to the prior issue.
 
 ## Phase 6: Prioritize and Report Findings
 
@@ -213,7 +214,7 @@ Low / Medium / High
 - **Be specific**: Always include file paths and line numbers in the evidence section
 - **Be actionable**: Each issue should have a clear, implementable suggestion
 - **Avoid noise**: Only file issues for genuine duplication with real maintenance impact — not cosmetic similarities
-- **No duplicates**: Check existing open issues before creating new ones
+- **No duplicates**: Check existing issues with `state: all`; only treat closed issues as terminal when `state_reason` is `not_planned`
 - **Security awareness**: Flag duplicated security-critical logic (domain validation, ACL rules, capability management) with higher urgency
 - **Cap at 5 issues**: File at most 5 issues per run to avoid flooding the tracker