add .maintainer.yaml with prReviewer.autoApprove

[bborbe]

Summary

• Adds .maintainer.yaml with prReviewer.autoApprove: true, migrating pr-reviewer trust config from the legacy .pr-reviewer.yaml.
• Keeps .pr-reviewer.yaml for now — the currently-deployed prod bot still reads it. Removed in a follow-up once the new pr-reviewer image is deployed.

Test plan

• pr-reviewer bot APPROVE + green checks

[ben-s-pull-request-reviewer]

Based on my review, here's the analysis:

Diff Summary: Single file added - .maintainer.yaml with 15 lines (comments + config)

Review Findings:

The .maintainer.yaml file adds prReviewer.autoApprove: true configuration with inline documentation explaining:

• When autoApprove: true, the verdict "approve" posts as an APPROVE (counts toward branch protection)
• When false/absent, it demotes to COMMENT
• This replaces a legacy .pr-reviewer.yaml file

Concerns Assessment:

• Security: The autoApprove setting is explicitly documented in the file comments, explaining its effect on PR verdicts. The PR appears intentional.
• YAML correctness: Structure is valid, simple boolean value under prReviewer key.

No automated checks failed (no precommit target in root Makefile, LICENSE file exists)

{
  "verdict": "approve",
  "summary": "Single-file PR adding .maintainer.yaml with prReviewer.autoApprove: true. The configuration is self-documenting with inline comments explaining the security implications (auto-approval counts toward branch protection). YAML structure is valid and correctly formatted.",
  "comments": [],
  "concerns_addressed": [
    "security: autoApprove behavior documented in file comments — explains APPROVE vs COMMENT behavior",
    "correctness: YAML structure is valid with simple prReviewer.autoApprove boolean"
  ]
}