ci(validate): Update PR validation workflow and valid tags

[tintinhamans]

This pull request updates the pull request validation workflow to enforce conventional commit standards for PR titles and commit messages.

• Updated to use ubuntu-slim instead of ubuntu-latest which is a smaller container-based image - should theoretically start faster and also complete faster since this workflow is not heavy.
• Replaced the old tag list in .github/workflows/valid-tags.txt with conventional commit types specified in CONTRIBUTING.md
• Updated the regex logic in validate-pull-request.yml to require PR titles and commit messages to follow the conventional commit format: type(scope): Description or type: Description, using the new tag list.
• Added automated PR comments when validation fails, detailing invalid titles and commit messages, and deleting previous bot comments to avoid spam.

Sample comment:

• Changed the workflow trigger from pull_request to pull_request_target for improved security and to allow validation of PRs from forks while still being able to post comments.
• Various other fixes.

[greptile-apps]

Greptile Summary

This PR overhauls the PR validation workflow to enforce conventional commit standards, replacing the old bracket-tag system ([GEN], [ZH], etc.) with typed prefixes (feat:, fix:, ci(scope):, etc.). The switch from pull_request to pull_request_target — combined with checking out only the base branch — correctly enables posting comments on fork PRs while keeping the privileged token away from untrusted code. Security hardening throughout (random-delimiter heredocs for GITHUB_ENV, context exposed as env vars instead of inline ${{ }} in run blocks, --paginate for complete comment cleanup) is well done.

Key changes:

• valid-tags.txt: Replaced 7 project-specific bracket tags with 14 conventional commit types; revert and unify are project extensions beyond the standard set.
• validate-pull-request.yml: Complete rewrite — conventional commit regex ^((type)(\([^)]+\))?: [A-Z].*)$, randomised heredoc delimiters to prevent injection, automated failure comments with stale-comment deletion, ubuntu-slim runner, concurrency guard, and separated fail step so comments always post before the job fails.
• CONTRIBUTING.md: Adds revert to the allowed types list, capitalises "Good" example descriptions, and updates action-word examples to be consistent with the new uppercase requirement enforced by the regex.

One minor item worth noting:

• The INVALID_COMMITS_LIST string always ends with a trailing \n, which produces a spurious blank line in the posted comment between the commit list and the format explanation section.

Confidence Score: 5/5

• This PR is safe to merge; the workflow is well-hardened and the security model is sound.
• All critical security and logic issues have been successfully addressed: GITHUB_ENV injection hardened with randomized delimiters, full pagination for comment cleanup, environment variable exposure for injection prevention, and proper conditional guards to prevent silent failures. The workflow correctly uses pull_request_target with base-branch checkout to safely handle fork PRs while keeping the privileged token away from untrusted code. The one remaining item — a trailing newline producing a cosmetic blank line in comment formatting — is a minor formatting issue that does not affect functionality, security, or correctness. The PR is ready to merge.
• No files require special attention beyond the cosmetic formatting note in .github/workflows/validate-pull-request.yml.

_{Last reviewed commit: f6be43d}

[Skyaero42]

This looks good to me.

[xezon]

Looking good