Generate temporary Gemfile.lock for FOSSA CI scan

[kaylareopelle]

FOSSA scans expect a Gemfile.lock to do their work. Gems, as a best practice, do not check in a Gemfile.lock.

The New Relic Ruby agent gets around this by bundling the gem in a step prior to the scan:
https://github.com/newrelic/newrelic-ruby-agent/actions/runs/14669694175/workflow

Something similar may work for this repo, though we'll need to adjust so that all the nested gems get bundled.

Until then, FOSSA scans will fail.

Example: https://github.com/open-telemetry/opentelemetry-ruby-contrib/actions/runs/14674537659

[github-actions]

👋 This issue has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the keep label to hold stale off permanently, or do nothing. If you do nothing this issue will be closed eventually by the stale bot.

[kaylareopelle]

Scans are silently failing. When you open the action, you'll see the failures, but the scan itself will pass.

[github-actions]

👋 This issue has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the keep label to hold stale off permanently, or do nothing. If you do nothing this issue will be closed eventually by the stale bot.

[kaylareopelle]

Closed by #1640