fix: remove run-setup.yml (causes sync drift by committing directly to public main)

[brandom-msft]

Problem

The run-setup.yml workflow on public triggers on push to main and regenerates azuredeploy.json files from Bicep sources. When a sync PR lands a commit that touches infrastructure/infrastructure-setup-bicep/, this workflow fires and commits regenerated ARM JSON directly to public main — creating a commit that doesn't exist on private.

This breaks the nightly private-to-public sync because the marks become stale (they reference objects from a tree state that no longer matches), and seed-marks recovery correctly refuses to paper over the divergence.

Evidence

• Sync run 27332078723 failed with seed-marks recovery failed — likely true drift on public main HEAD
• Public commit fda92cab ("Automatic fixes") was produced by this workflow's push trigger at 03:50:28 UTC after sync PR Automated sync from private repo (2026-06-11) #771 merged
• The private repo's copy of run-setup.yml already handles regeneration correctly (opens a PR instead of pushing directly, per ADO 5293956)

Fix

Delete the workflow from public entirely. Regeneration is owned by private; compiled ARM flows to public via the sync pipeline.

After this merges, we'll merge the pending auto/regenerate-azuredeploy-59ecf811 branch on private and re-trigger sync with seed_from_public_sha to re-anchor marks.

Also needed on private (separate PR)

Remove run-setup.yml from sync-config.json's protected_paths list — it no longer needs protection since it won't exist on public.

[github-actions]

👋 Thanks for your contribution, @brandom-msft!

This repository is read-only. If you are contributing on behalf of Microsoft, please submit your PR to the private staging repository instead:

👉 foundry-samples-pr

See CONTRIBUTING.md for full instructions.