fix: skip dual approval check gracefully on dismissed reviews (#122)

* feat(release): add token permission pre-check

Detect missing write permissions early in the release pipeline rather
than failing late during git push with a cryptic 403 error (see PRI-348).

The new check-token-permissions job generates a GitHub App token and
attempts to create a test ref via the API. On 201 the token has write
permission (cleaned up immediately); on 403 the release job is skipped
with a clear error message. This saves CI time and provides actionable
diagnostics.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix: skip dual approval check gracefully on dismissed reviews

When a pull_request_review event is dismissed, the PR context is null and
PR_NUMBER is empty. Instead of exiting with an error, exit 0 (skip) since
dismissed reviews are not approvals and do not affect the approval state.

Fixes PRI-314.

---------

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
privilegedescalation-engineer[bot]
2026-05-04 05:00:15 +00:00
committed by GitHub
parent d0cdad1922
commit 06e6784174
2 changed files with 44 additions and 4 deletions
+2 -2
@@ -51,8 +51,8 @@ jobs:
REPO: ${{ github.repository }}
run: |
if [ -z "${PR_NUMBER}" ]; then
echo "::error::No pull request number found in event context. This workflow must be called from a pull_request or pull_request_review trigger."
exit 1
echo "::notice::No PR number in context (dismissed review?). Skipping dual approval check — no action needed."
exit 0
fi
echo "Checking approvals on PR #${PR_NUMBER} in ${REPO}"
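Review bot: The empty-PR_NUMBER branch now exits 0 for every event that arrives without a PR number, not only dismissed reviews, so the step reports success before it reaches "Checking approvals on PR #${PR_NUMBER}" and without counting any approvals. The notice text itself only guesses at the cause ("dismissed review?"), and if this job is used as a merge gate, a success on missing context is a fail-open path. Consider passing the event action into the step's env (for example from github.event.action) and exiting 0 only when it equals dismissed, while keeping the previous ::error:: message and exit 1 for any other case where PR_NUMBER is empty. A short comment above the branch stating why a skip is safe for dismissed reviews would also help the next reader of this workflow.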