feat: implement new github app

[derekmisler]

Summary

Adds GitHub App integration to enable custom reviewer identity (comments/reviews appear as your app instead of github-actions[bot]), introduces a reusable PR review workflow for easier adoption, and improves API key handling with explicit validation and better security.

Changes

• .github/workflows/review-pr.yml: New reusable workflow supporting auto-review for org members, manual /review triggers, and feedback learning
• action.yml: Added GitHub App token generation, explicit API key validation (fails fast if none provided), API key masking, and quiet mode to suppress verbose tool output
• review-pr/action.yml: Integrated GitHub App token support with fallback to github.token
• .github/workflows/pr-describe.yml: Added GitHub App token generation for custom app identity in PR descriptions
• .github/workflows/security-scan.yml: Added GitHub App token support for security issue creation
• README.md: Updated documentation to clarify API key requirements, GitHub App setup, and new quiet input
• review-pr/README.md: Comprehensive documentation for reusable workflow, GitHub App setup, and org-based auto-review

Breaking Changes

API Key Handling: API keys now require explicit inputs (e.g., anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}). Environment variable fallback (env.ANTHROPIC_API_KEY) has been removed. The action now validates at startup that at least one API key is provided and fails fast with a clear error message.

Migration: Update workflows to pass API keys as action inputs instead of environment variables:

# Before
env:
  ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

# After
with:
  anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

[derekmisler]

/describe

[github-actions]

✅ PR description has been generated and updated!

[derekmisler]

This is almost entirely copied and pasted from the review workflow in cagent.

[derekmisler]

/describe

[github-actions]

✅ PR description has been generated and updated!