fix: include release notes in Dependabot PR reviews

[Spiev]

Summary

• Dependabot PR reviews now include release notes, so security advisories (GHSA/CVE) and breaking changes are detected
• Adds explicit instruction for Claude to check for security-relevant content
• Increases max_tokens for Dependabot reviews (300 → 500) to avoid truncation

Context: PR #72 (paperless-ngx security fix for GHSA-x395-6h48-wr8v) was incorrectly classified as "Security: None" because the review prompt only included the title and changed files, not the PR body with release notes.

Test plan

• Merge and verify next Dependabot PR gets reviewed with release notes context
• Check that security-relevant updates are flagged correctly

🤖 Generated with Claude Code

[github-actions]

🔍 Code Review (by Claude)

Summary: Adds release notes to Dependabot PR reviews to catch security advisories and breaking changes that were previously missed.

Security: No issues.

Issues:

• Hardcoded 3000 char truncation (pr_data['body'][:3000]) could cut off critical security info mid-sentence. Consider truncating at word boundaries or increasing limit.

Suggestions:

• The new prompt instruction is verbose. Consider moving to system prompt or condensing to avoid token waste on every Dependabot PR.
• 500 tokens may still be insufficient if multiple dependencies are updated. Consider dynamic sizing based on PR complexity.

---

Review generated by Claude AI. Please use your judgment for final approval.