feat(github-app): add maintainer trust checklist and install preview flow #245

@JSONbored

Parent phase: #235
Parent roadmap: #127

Problem

Maintainers need to know exactly what Gittensory will read, compute, preview, and post before installing or enabling commands in a repo.

Acceptance criteria

  • Install preview summarizes permissions, public outputs, private-only context, command authorization, and audit behavior.
  • Maintainer trust checklist is visible before enabling repo commands.
  • Checklist includes sanitizer boundaries and manual-control expectations.

Validation expected

  • API/control-panel tests cover preview data construction.
  • Screenshots show the install preview and checklist states.

UI evidence gate

Any visible web, browser-extension, or GitHub-overlay change must include maintainer-reviewable screenshots or a short recording covering the changed states. A checked template box without actual visual evidence is not enough.

Public-output safety criteria

  • Public text is sanitized before reaching GitHub comments, issue bodies, PR bodies, extension-visible public panels, or copied public snippets.
  • Tests cover forbidden wallet/hotkey, reward-estimate, trust-score, public-score-prediction, private-reviewability, private-scoreability, and farming-language leakage.

Cross-cutting acceptance criteria

  • Preserve the repo quality gate: npm run test:ci, 97%+ global coverage, and the local branch coverage target for touched code.
  • Keep public/private boundaries explicit. Public GitHub output must not expose wallets, hotkeys, reward estimates, raw trust scores, public score predictions, private reviewability, private scoreability context, or farming language.
  • Add/update focused tests for the changed behavior instead of relying on green checks alone.

Labels

  • control-panel: Web control panel, dashboard, OAuth shell, and role-aware surfaces.
  • github-app: GitHub App, webhooks, comments, labels, or checks.
  • maintainer-value: Improves maintainer review, triage, or trust workflows.
  • settings: Repository or installation settings behavior.

Status: Todo
