Add breaking change documentation for new dotnet list package audit source warning

[Copilot]

This PR adds documentation for a breaking change introduced in .NET 8 where the dotnet list package --vulnerable command now emits a warning when configured audit sources don't support the VulnerabilityInfoResource.

What changed

In .NET 8, when using dotnet list package --vulnerable, if a configured auditsources does not support the VulnerabilityInfoResource, the command now shows:

Audit source '{source_name}' did not provide any vulnerability data.

Previously, the command would silently skip audit sources that lacked vulnerability information.

Documentation added

• Breaking change document: /docs/core/compatibility/sdk/8.0/dotnet-list-package-audit-source-warning.md
• TOC entry: Added to the SDK 8.0 section in toc.yml
• Index entry: Added to the SDK section in 8.0.md categorized as "Behavioral change"

The documentation follows the established breaking change template and provides clear guidance for developers who encounter this new warning.

Related work

This change was implemented as part of NuGet.Client PR #6237 to enhance dotnet list package functionality with audit source support.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Breaking change]: New warning introduced in dotnet list package command.</issue_title>
<issue_description>### Description

When using dotnet list package --vulnerable, if a configured auditsources does not support the VulnerabilityInfoResource, a warning is now shown to inform the user that the source does not provide vulnerability data.

Version

.NET 8

Previous behavior

The command would silently skip auditsources that lacked vulnerability information, because the command did not use auditsources as a source of vulnerability data.

New behavior

The command now emits a warning:
Audit source '{0}' did not provide any vulnerability data.
This helps users understand why certain sources may not influence the reported vulnerabilities.

Type of breaking change

• Binary incompatible: Existing binaries might encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
• Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code might require source changes to compile successfully.
• Behavioral change: Existing binaries might behave differently at run time.

Reason for change

This warning came as part of the work we did to allow customers use auditsources when running dotnet package list command.

Recommended action

Check the specified auditsources to ensure it supports the VulnerabilityInfoResource. If it doesn't, either update the source or replace it with one that provides vulnerability data.

Feature area

SDK

Affected APIs

No response

---

Associated WorkItem - 429707</issue_description>

Comments on the Issue (you are @copilot in this section)

@Nigusu-Allehu changes in https://github.com/NuGet/NuGet.Client/pull/6237

Fixes #46042

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Internal previews

📄 File	🔗 Preview link
docs/core/compatibility/8.0.md	Breaking changes in .NET 8
docs/core/compatibility/sdk/8.0/dotnet-list-package-audit-source-warning.md	'dotnet list package' warns if source doesn't provide vulnerability data
docs/core/compatibility/toc.yml	docs/core/compatibility/toc

[Nigusu-Allehu]

The first issue being fixed in the PR description looks unrelated