Infer WorkflowRun from CreateAction in five-safes SHACL profiles

[EttoreM]

Closes #43.

This PR implements a solution for treating the workflow-execution CreateAction as a dedicated ro-crate:WorkflowRun entity across the Five Safes SHACL profiles.

At a high level:

• A hidden SHACL rule was added to the relevant TTL files to infer the triple CreateAction -> rdf:type -> ro-crate:WorkflowRun for the CreateAction whose instrument matches RootDataEntity -> mainEntity.

• All SHACL constraints that are really about the actual workflow run were then retargeted from generic CreateAction to WorkflowRun, with corresponding updates on shapes' names and messages.

• Tests were updated accordingly.

One important testing detail:

• In the Python tests, the graph mutations still target entities of type CreateAction, not WorkflowRun.

• This is intentional: WorkflowRun is inferred by SHACL during validation, so it is safer for the tests to alter the source CreateAction nodes in the RO-Crate metadata graph.

• This remains correct as long as the tests are understood to target the specific CreateAction that is effectively the workflow run, and not any other CreateAction that may also be present in the crate.

A separate consistency note:

• In prefixes.ttl, the RO-Crate namespace is exposed in SPARQL via rocrate (without the dash), while elsewhere in the codebase we also use ro-crate.
  This did not originate in this PR, but it is something we may want to clean up in future to align prefix syntax across the codebase.