ci: enable GitHub merge queue (#5036)

### What changes were proposed in this PR?
This PR enables GitHub merge queue for the default branch so ready PRs
no longer need to repeatedly update against `main` after other PRs land.

Configuration changes:
- Add the required `meta.environment: github_rulesets` section for
ASF-managed GitHub rulesets.
- Replace the previous `protected_branches.main` configuration with a
default-branch ruleset.
- Keep the existing review gate: 1 approval, resolved review
conversations, no code-owner requirement, and no last-push approval
requirement.
- Keep the existing required checks: `Required Checks`, `Check License
Headers`, and `Validate PR title`.
- Preserve GitHub auto-merge support.
- Disable the old strict branch-up-to-date policy so merge queue
validates the final merge result instead of requiring every PR branch to
be updated manually.
- Set the merge queue check timeout to 30 minutes because required
checks are expected to finish in under 20 minutes, leaving buffer for
runner startup or occasional slow runs.

Workflow changes:
- Add the `merge_group` event to required workflows so required checks
run on merge queue refs.
- Keep PR title validation on `pull_request_target`; make the
`merge_group` path a no-op because the PR title is validated before a PR
enters the queue.

Expected behavior:
- Merge queue creates a temporary ref for `main + queued PR(s)` and runs
required checks there.
- CI may run once before a PR enters the queue and once after it enters
the queue.
- The second run protects `main` from integration failures in the queued
merge result.
- If a merge-group run fails or times out, GitHub does not merge that
group and the affected PR needs to be fixed/requeued.

Temporary auto-queue removal:
- Remove `.github/workflows/auto-queue.yml` because GitHub native merge
queue replaces that scripted auto-queue behavior.
- Do not add any `emergency` label behavior in this PR. Emergency
priority should be handled manually through GitHub queue controls or
admin bypass if truly necessary.

### Any related issues, documentation, discussions?
Closes #4553

### How was this PR tested?
Ran local configuration checks:

```bash
ruby -e 'require "yaml"; [".asf.yaml", ".github/workflows/required-checks.yml", ".github/workflows/check-header.yml", ".github/workflows/lint-pr.yml"].each { |f| YAML.load_file(f); puts "ok #{f}" }'
ruby -e 'require "yaml"; cfg=YAML.load_file(".asf.yaml"); abort "missing meta" unless cfg["meta"] && cfg["meta"]["environment"] == "github_rulesets"; mq=cfg["github"]["rulesets"].find { |r| r["name"] == "Merge Queue" }; abort "missing merge queue" unless mq; abort "main branch protection still present" if cfg.dig("github", "protected_branches", "main"); checks=mq["rules"].find { |r| r["type"] == "required_status_checks" }["parameters"]["required_status_checks"].map { |c| c["context"] }; abort checks.inspect unless checks == ["Required Checks", "Check License Headers", "Validate PR title"]; puts "asf ruleset sanity ok"'
git diff --check
```

No automated runtime tests were added because this PR only changes
repository/GitHub Actions configuration.

### Was this PR authored or co-authored using generative AI tooling?
Generated-by: OpenAI Codex (GPT-5)