fix(ci): allow external contributors to trigger Claude Code review workflow

Add allowed_non_write_users parameter to bypass actor permission check for PRs from external contributors. This enables automated code reviews for all PRs, including those from forks, while maintaining security through pull_request_target context.
Johannes Millan 2026-01-21 19:23:27 +01:00
parent 4661b19f7a
commit 623971eacd


@ -45,6 +45,9 @@ jobs:
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
# Allow all PR authors regardless of repository permissions
# This is safe because pull_request_target runs in the base repo context
allowed_non_write_users: '*'
# Allow common dependency management bots to trigger reviews
allowed_bots: 'dependabot[bot],renovate[bot]'
plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
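
Review bot: The comment above `allowed_non_write_users: '*'` gives the wrong reason for safety. Running under pull_request_target in the base repo context is what makes `secrets.CLAUDE_CODE_OAUTH_TOKEN` and `secrets.GITHUB_TOKEN` available to a job that any PR author, including one from a fork, can now trigger, so it is the source of the exposure rather than a mitigation. With the actor permission check bypassed for everyone, the PR title, description and diff become untrusted input to an agent that holds those credentials. Suggest replacing `'*'` with an explicit list of usernames. If `'*'` has to stay, confirm that the job's `permissions:` block (not visible in this hunk) grants only what posting a review needs and that no step checks out or executes the PR head, then reword the comment to state those conditions instead of "This is safe".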