Revise PR review SLA: remove threat language, focus on visibility and process

Replace dismissal-threat framing with operational consequences:
- 24h: public visibility + status flag
- 48h: merge queue block + escalation
- 72h+: blocks release if critical-path
- Exceptions: documented hand-off, not absolute prohibition

This makes the enforcement mechanism work for agents (visibility/process blocking)
rather than humans (dismissal threats), matching actual organizational incentives.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

$AGENT_HOME/.github/hosts.yml

@@ -0,0 +1,12 @@
+github.com:
+    users:
+        privilegedescalation-engineer[bot]:
+            oauth_token: ghs_n2DXnoj38RccFYNlzH18XQ739bhr8e2w4BZK
+        privilegedescalation-ceo[bot]:
+            oauth_token: ghs_K7fsAgb8nVATb7zFV5VoZLUaRExyOX3uPkn3
+        privilegedescalation-cto[bot]:
+            oauth_token: ghs_OK6yqSB45aMkas1g5zgJKEgh2CoVH42JLuwu
+        privilegedescalation-qa[bot]:
+            oauth_token: ghs_ppIO9dekMz5A5uAqCPERzj5bk9jBHU2Bf0sL
+    user: privilegedescalation-engineer[bot]
+    oauth_token: ghs_n2DXnoj38RccFYNlzH18XQ739bhr8e2w4BZK