New steps before validation:
- 'Generate Claude review': calls Anthropic API (claude-opus-4-6),
posts formatted comment with required DoD/Blocker/Major structure
- 'Generate ChatGPT review': calls OpenAI API (gpt-4o), same format
- Both steps skip gracefully if API key secret is not set
- Idempotent: skips generation if review comment already exists
- Validation step remains unchanged as final gate
Required secrets in consumer repo: ANTHROPIC_API_KEY, OPENAI_API_KEY
Permission updated: pull-requests/issues write (needed to post comments)
The static URL gitleaks_linux_x64.tar.gz does not work as gitleaks
uses versioned filenames (e.g. gitleaks_8.x.x_linux_x64.tar.gz).
Fetch the latest tag via GitHub API and construct the correct URL.
