fix(pr-followup): include itsmiso-ai in default bot identity allowlist

[itsmiso-ai]

Fixes the silent drop in PR-followup sync ingestion from #356.

The bug

`POST /api/pr-followup/sync` and `POST /api/pr-followup/webhook` both filter
PRs through `isAllowedBotAuthor()`, which checks the author against
`DEFAULT_BOT_IDENTITIES` when the `PR_FOLLOWUP_BOT_IDENTITIES` env var is unset.

The default was `["github-actions[bot]"]`. The actual author identity for the
Miso agent fleet on `misospace/*` is `itsmiso-ai`, so every merge_state /
check_run / review / comment event for the agent's PRs was silently dropped
(`ingestXxxEvent` returned `null` because `isAllowedBotAuthor` returned false).
The sync still reported `enqueued=N` because comments/reviews from other
events got through, masking the failure on the merge-conflict-surfacing path.

Net effect: DIRTY / CONFLICTING PRs never reach the pr-fix queue, so the
cron worker keeps saying `Pipeline is clear.` even with 7 conflicted agent
PRs sitting open.

Repro

```bash
unset PR_FOLLOWUP_BOT_IDENTITIES
curl -s -X POST $DISPATCH_URL/api/pr-followup/sync -H "Authorization: Bearer $TOKEN" -d '{}'

-> { "reposScanned": 7, "prsScanned": 7, "enqueued": 2, "skipped": 20 }

But the 2 are not from any merge_state event — they're from check_run/comment events.

Conflicted PRs (DIRTY) silently filtered out.

```

Fix

Add `itsmiso-ai` to `DEFAULT_BOT_IDENTITIES`. The env var still wins when set,
so operators with different bot identities are unaffected.

Changes

• `src/lib/pr-followup-ingestion.ts` — add `itsmiso-ai` to default
• `src/lib/pr-followup-ingestion.test.ts` — regression test for the unset-env case
• `docs/pr-review-fix-queue.md` — update the documented default

Followups (not in this PR)

• Operator may also want to set `PR_FOLLOWUP_BOT_IDENTITIES` explicitly to
  avoid relying on the in-code default, and to handle `app/smurf-bot` if
  more PRs are authored by that identity.
• Consider exposing bot identity config through the Dispatch admin UI so this
  is not a redeploy-required setting.

[its-saffron]

AI Automated Review

Full PR review.

Analysis engine: review@https://litellm.jory.dev/v1 (openai) — fast route

Recommendation

Approved. This PR fixes a bug where PR-followup events (like merge conflicts) from the itsmiso-ai bot were being silently dropped because the bot identity was not in the default allowlist. The fix includes a regression test and documentation updates.

Change-by-change findings

src/lib/pr-followup-ingestion.ts

• Added itsmiso-ai to the DEFAULT_BOT_IDENTITIES array to ensure the Miso agent fleet's PRs are processed by default when no environment variable is provided.
• Added documentation comments explaining why this identity is included and noting that PR_FOLLOWUP_BOT_IDENTITIES still takes precedence.

src/lib/pr-followup-ingestion.test.ts

• Added a regression test defaults to itsmiso-ai + github-actions[bot] when env var is unset to verify that both the new default and the original default are respected when the environment variable is absent.

docs/pr-review-fix-queue.md

• Updated the documentation table for PR_FOLLOWUP_BOT_IDENTITIES to reflect the new default value: github-actions[bot], itsmiso-ai.

Standards Compliance

• Code Standards: The implementation follows the repository's pattern of using a narrow default allowlist and provides a clear mechanism (PR_FOLLOWUP_BOT_IDENTITIES) for operators to override it.
• Error Handling: The fix addresses a silent failure mode where events were being dropped without notification.
• Testing: A regression test has been added to cover the specific scenario that caused the bug.

[itsmiso-ai]

Closing — the code default should stay vendor-neutral. The bot identity is already in the helm release ExternalSecret (home-ops/kubernetes/apps/base/llm/openclaw/dispatch/externalsecret.yaml). The real fix is to bump the helm release image tag from 0.4.4 to 0.4.5 so PR #356's merge-state ingestion actually runs. Tracking that in a separate PR against home-ops.