refactor: flatten Microsoft skills from nested to flat directory structure

Rewrote sync_microsoft_skills.py (v4) to use each SKILL.md's frontmatter
'name' field as the flat directory name under skills/, replacing the nested
skills/official/microsoft/<lang>/<category>/<service>/ hierarchy.

This fixes CI failures caused by the indexing, validation, and catalog
scripts expecting skills/<id>/SKILL.md (depth 1).

Changes:
- Rewrite scripts/sync_microsoft_skills.py for flat output with collision detection
- Update scripts/tests/inspect_microsoft_repo.py for flat name mapping
- Update scripts/tests/test_comprehensive_coverage.py for name uniqueness checks
- Delete skills/official/ nested directory
- Add 129 Microsoft skills as flat directories (e.g. skills/azure-mgmt-botservice-dotnet/)
- Move attribution files to docs/ (LICENSE-MICROSOFT, microsoft-skills-attribution.json)
- Rebuild skills_index.json, CATALOG.md, README.md (845 total skills)

skills/azure-identity-ts/SKILL.md

@@ -0,0 +1,303 @@
+---
+name: azure-identity-ts
+description: Authenticate to Azure services using Azure Identity SDK for JavaScript (@azure/identity). Use when configuring authentication with DefaultAzureCredential, managed identity, service principals, or interactive browser login.
+package: @azure/identity
+---
+
+# Azure Identity SDK for TypeScript
+
+Authenticate to Azure services with various credential types.
+
+## Installation
+
+```bash
+npm install @azure/identity
+```
+
+## Environment Variables
+
+### Service Principal (Secret)
+
+```bash
+AZURE_TENANT_ID=<tenant-id>
+AZURE_CLIENT_ID=<client-id>
+AZURE_CLIENT_SECRET=<client-secret>
+```
+
+### Service Principal (Certificate)
+
+```bash
+AZURE_TENANT_ID=<tenant-id>
+AZURE_CLIENT_ID=<client-id>
+AZURE_CLIENT_CERTIFICATE_PATH=/path/to/cert.pem
+AZURE_CLIENT_CERTIFICATE_PASSWORD=<optional-password>
+```
+
+### Workload Identity (Kubernetes)
+
+```bash
+AZURE_TENANT_ID=<tenant-id>
+AZURE_CLIENT_ID=<client-id>
+AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/tokens/azure-identity
+```
+
+## DefaultAzureCredential (Recommended)
+
+```typescript
+import { DefaultAzureCredential } from "@azure/identity";
+
+const credential = new DefaultAzureCredential();
+
+// Use with any Azure SDK client
+import { BlobServiceClient } from "@azure/storage-blob";
+const blobClient = new BlobServiceClient(
+  "https://<account>.blob.core.windows.net",
+  credential
+);
+```
+
+**Credential Chain Order:**
+1. EnvironmentCredential
+2. WorkloadIdentityCredential
+3. ManagedIdentityCredential
+4. VisualStudioCodeCredential
+5. AzureCliCredential
+6. AzurePowerShellCredential
+7. AzureDeveloperCliCredential
+
+## Managed Identity
+
+### System-Assigned
+
+```typescript
+import { ManagedIdentityCredential } from "@azure/identity";
+
+const credential = new ManagedIdentityCredential();
+```
+
+### User-Assigned (by Client ID)
+
+```typescript
+const credential = new ManagedIdentityCredential({
+  clientId: "<user-assigned-client-id>"
+});
+```
+
+### User-Assigned (by Resource ID)
+
+```typescript
+const credential = new ManagedIdentityCredential({
+  resourceId: "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>"
+});
+```
+
+## Service Principal
+
+### Client Secret
+
+```typescript
+import { ClientSecretCredential } from "@azure/identity";
+
+const credential = new ClientSecretCredential(
+  "<tenant-id>",
+  "<client-id>",
+  "<client-secret>"
+);
+```
+
+### Client Certificate
+
+```typescript
+import { ClientCertificateCredential } from "@azure/identity";
+
+const credential = new ClientCertificateCredential(
+  "<tenant-id>",
+  "<client-id>",
+  { certificatePath: "/path/to/cert.pem" }
+);
+
+// With password
+const credentialWithPwd = new ClientCertificateCredential(
+  "<tenant-id>",
+  "<client-id>",
+  { 
+    certificatePath: "/path/to/cert.pem",
+    certificatePassword: "<password>"
+  }
+);
+```
+
+## Interactive Authentication
+
+### Browser-Based Login
+
+```typescript
+import { InteractiveBrowserCredential } from "@azure/identity";
+
+const credential = new InteractiveBrowserCredential({
+  clientId: "<client-id>",
+  tenantId: "<tenant-id>",
+  loginHint: "user@example.com"
+});
+```
+
+### Device Code Flow
+
+```typescript
+import { DeviceCodeCredential } from "@azure/identity";
+
+const credential = new DeviceCodeCredential({
+  clientId: "<client-id>",
+  tenantId: "<tenant-id>",
+  userPromptCallback: (info) => {
+    console.log(info.message);
+    // "To sign in, use a web browser to open..."
+  }
+});
+```
+
+## Custom Credential Chain
+
+```typescript
+import { 
+  ChainedTokenCredential,
+  ManagedIdentityCredential,
+  AzureCliCredential
+} from "@azure/identity";
+
+// Try managed identity first, fall back to CLI
+const credential = new ChainedTokenCredential(
+  new ManagedIdentityCredential(),
+  new AzureCliCredential()
+);
+```
+
+## Developer Credentials
+
+### Azure CLI
+
+```typescript
+import { AzureCliCredential } from "@azure/identity";
+
+const credential = new AzureCliCredential();
+// Uses: az login
+```
+
+### Azure Developer CLI
+
+```typescript
+import { AzureDeveloperCliCredential } from "@azure/identity";
+
+const credential = new AzureDeveloperCliCredential();
+// Uses: azd auth login
+```
+
+### Azure PowerShell
+
+```typescript
+import { AzurePowerShellCredential } from "@azure/identity";
+
+const credential = new AzurePowerShellCredential();
+// Uses: Connect-AzAccount
+```
+
+## Sovereign Clouds
+
+```typescript
+import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
+
+// Azure Government
+const credential = new ClientSecretCredential(
+  "<tenant>", "<client>", "<secret>",
+  { authorityHost: AzureAuthorityHosts.AzureGovernment }
+);
+
+// Azure China
+const credentialChina = new ClientSecretCredential(
+  "<tenant>", "<client>", "<secret>",
+  { authorityHost: AzureAuthorityHosts.AzureChina }
+);
+```
+
+## Bearer Token Provider
+
+```typescript
+import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
+
+const credential = new DefaultAzureCredential();
+
+// Create a function that returns tokens
+const getAccessToken = getBearerTokenProvider(
+  credential,
+  "https://cognitiveservices.azure.com/.default"
+);
+
+// Use with APIs that need bearer tokens
+const token = await getAccessToken();
+```
+
+## Key Types
+
+```typescript
+import type { 
+  TokenCredential, 
+  AccessToken, 
+  GetTokenOptions 
+} from "@azure/core-auth";
+
+import {
+  DefaultAzureCredential,
+  DefaultAzureCredentialOptions,
+  ManagedIdentityCredential,
+  ClientSecretCredential,
+  ClientCertificateCredential,
+  InteractiveBrowserCredential,
+  ChainedTokenCredential,
+  AzureCliCredential,
+  AzurePowerShellCredential,
+  AzureDeveloperCliCredential,
+  DeviceCodeCredential,
+  AzureAuthorityHosts
+} from "@azure/identity";
+```
+
+## Custom Credential Implementation
+
+```typescript
+import type { TokenCredential, AccessToken, GetTokenOptions } from "@azure/core-auth";
+
+class CustomCredential implements TokenCredential {
+  async getToken(
+    scopes: string | string[],
+    options?: GetTokenOptions
+  ): Promise<AccessToken | null> {
+    // Custom token acquisition logic
+    return {
+      token: "<access-token>",
+      expiresOnTimestamp: Date.now() + 3600000
+    };
+  }
+}
+```
+
+## Debugging
+
+```typescript
+import { setLogLevel, AzureLogger } from "@azure/logger";
+
+setLogLevel("verbose");
+
+// Custom log handler
+AzureLogger.log = (...args) => {
+  console.log("[Azure]", ...args);
+};
+```
+
+## Best Practices
+
+1. **Use DefaultAzureCredential** - Works in development (CLI) and production (managed identity)
+2. **Never hardcode credentials** - Use environment variables or managed identity
+3. **Prefer managed identity** - No secrets to manage in production
+4. **Scope credentials appropriately** - Use user-assigned identity for multi-tenant scenarios
+5. **Handle token refresh** - Azure SDK handles this automatically
+6. **Use ChainedTokenCredential** - For custom fallback scenarios