`bots:` allowlist does not override `pre_activation` team membership check

[arezero]

Severity: Blocker for any bot-triggered workflow

Reproduction: Create a workflow with on: pull_request_review and bots: [greptile-apps, copilot]. Have a bot (e.g., Greptile) submit a review on a PR.

Expected: The workflow activates because the bot is in the allowlist.

Actual: The pre_activation job's check_membership.cjs queries the GitHub API for the triggering actor's permission level. Bots return permission "none", so is_team_member=false. The bots: allowlist logs "Bot greptile-apps is in the allowed bots list" but does not override is_team_member. The activated output remains 'false'. All downstream jobs (activation, agent, safe_outputs, conclusion) are skipped.

Log evidence: The pre_activation step logs show the bot check passes but the output still evaluates to false.

Workaround: Replace the entire pre_activation job in the lock file with a no-op that hardcodes activated: 'true'. Must be reapplied after every recompile.