Switch from managed to vendored mode so tiles are committed to git.
Install 55 tiles (Python + JS/TS), add MCP configs, and set up
weekly tile update workflow via reusable github-workflows caller.
## Summary
- Adds `/roadmap` page with visual flowchart showing codeflash-python
and codeflash-agent planned work
- Gated behind `isTeamMemberCheck` (same auth pattern as
`/observability`)
- Sidebar link visible only to team members
- Status tracking with distinct visual treatments: compact left-accent
for shipped, hero cards with glow for in-progress, dashed wireframe for
planned
## Test plan
- [ ] Visit `/roadmap` as a team member — page renders with status cards
- [ ] Visit `/roadmap` as a non-team member — redirects to `/`
- [ ] Sidebar shows roadmap link only for team members
- [ ] Build passes (`npm run build`)
- [ ] All tests pass (`npm test` — 39/39)
## Summary
Switches tessl from **vendored** mode to **managed** mode
([docs](https://docs.tessl.io/reference/configuration#project-mode-managed-vs-vendored)).
Previously, all tile contents (~170k lines across 449 files) were
committed directly in `.tessl/tiles/`. This bloated the repo and added
noise to diffs/context that the team found hard to review.
In managed mode, tiles work like `node_modules` — they're gitignored and
fetched from the registry on demand.
## What changed
- `tessl.json`: `"mode": "vendored"` → `"mode": "managed"`
- `.gitignore`: added `.tessl/tiles/`
- Removed all files under `.tessl/tiles/` from git tracking (they remain
on disk locally)
## After merging
Team members need to run **`tessl install`** once after pulling this
change to restore their local tiles. This is the same workflow as
running `npm install` after dependency changes.
## Test plan
- [x] `tessl install` restores all tiles locally after the change
- [ ] Verify CI/remote agents still work (they'll need `tessl install`
in their setup step if they use tiles)
