Remove surface from pr review

[enyst]

Look at the workflow for pr-review. Restrict it to at least collaborator, in other words remove the automatic running on random prompts (because they're prompts to the agent LLM)

All the rest remains in place, including that it works on label or when a maintainer asks

[openhands-ai]

I'm on it! enyst can track my progress at all-hands.dev

[openhands-ai]

Final summary (since the last update)

No further code changes were made after opening the PR. The branch is already pushed and the PR is already created.

Checklist against the request/instructions

• Removed “surface” behavior: PR review no longer auto-runs for untrusted/random PR authors.
• Restricted automatic runs to collaborators+ (author association COLLABORATOR / MEMBER / OWNER) for opened and ready_for_review.
• Preserved manual triggers:
  • Still works via review-this label
  • Still works via requesting openhands-agent / all-hands-bot as reviewer
  • Manual triggers are gated so only users with write/maintain/admin permission can activate them.
• Kept workflow copies in sync (.github/workflows/... and plugins/pr-review/workflows/...), satisfying the existing sync test.
• Ran test suite (pytest) and it passed.
• Created openhands/... branch, committed with clear message + Co-authored-by, pushed, and opened PR that closes Remove surface from pr review #64.

Conciseness / extraneous changes

• Only the PR review workflow files and the pr-review plugin README were modified to implement the new trigger restrictions and document them. No unrelated changes were included.

PR

PR: #65 (closes #64)