fix: improve PR fetch error handling and document fine-grained PAT 403 issue

[unhappychoice]

Summary

• Retry PR fetches only on 429 (rate limit), not on 403 (permission/policy errors)
• Log the response body message on non-OK responses so users can see the actual cause (e.g. organization lifetime policy)
• Add 200ms inter-request delay to follow GitHub API best practices
• Document the fine-grained PAT organization lifetime policy issue in docs/troubleshooting.md

Background

When using a fine-grained PAT with a lifetime exceeding 366 days, GitHub's default organization token policy blocks API access to repositories in organizations the user belongs to, even for public repositories. This causes 403 Forbidden errors during PR fetching.

The error message from GitHub is:

The 'org-name' organization forbids access via a fine-grained personal access tokens if the token's lifetime is greater than 366 days.

This is an inconsistency in GitHub's implementation: the approval policy correctly exempts public resources, but the lifetime policy does not. The same issue has been reported in composer/composer#12711.

Previously, the error was logged as just 403 Forbidden without the response body, making it impossible for users to diagnose the cause.

[codecov]

Codecov Report

❌ Patch coverage is 58.82353% with 14 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/collector/fetch-repo-prs.ts	58.82%	11 Missing and 3 partials ⚠️

📢 Thoughts on this report? Let us know!