Add /review agentic workflow for android-tools-reviewer

[jonathanpeppers]

Port the android-tools-reviewer from a Copilot CLI skill (which used submit_review.cs + gh api) to a GitHub Agentic Workflow triggered by the /review slash command on pull requests. This follows the same pattern established in dotnet/android (example).

The workflow uses safe-outputs to post inline review comments and a review summary directly, removing the need for the custom C# submission script.

Changes

• .github/workflows/android-tools-reviewer.md -- agentic workflow with /review slash command trigger, claude-opus-4.6 model, roles: [admin, maintainer, write], min-integrity: none for external contributor PRs, and safe-outputs for review comments/submission
• .github/workflows/android-tools-reviewer.lock.yml -- compiled lock file (gh-aw v0.68.3)
• .github/agents/agentic-workflows.agent.md -- gh-aw dispatcher agent (matches dotnet/android)
• .github/aw/actions-lock.json -- pinned action SHAs
• .github/workflows/copilot-setup-steps.yml -- install gh-aw CLI extension, bump actions/checkout to v6
• .gitattributes -- mark *.lock.yml as linguist-generated with merge=ours
• .github/skills/android-tools-reviewer/SKILL.md -- updated workflow to remove script-based submission, add CI status checking, Copilot-authored PR handling, and direct review posting
• .github/copilot-instructions.md -- remove stale submit_review.cs reference

Removed

• .github/skills/android-tools-reviewer/scripts/submit_review.cs -- replaced by safe-outputs; the agentic workflow posts reviews directly via GitHub tools

[jonathanpeppers]

We'll have to merge to test, I believe.

[Copilot]

Pull request overview

Ports android-tools-reviewer from a script-based Copilot CLI skill to a GitHub Agentic Workflow triggered by the /review slash command, using safe-outputs to publish inline comments and the final review directly.

Changes:

• Add the /review agentic workflow source (.md) plus compiled .lock.yml, and introduce an agentic-workflows dispatcher agent.
• Update CI/setup to install the gh-aw CLI extension and bump actions/checkout.
• Remove the old submit_review.cs submission script and update skill/docs to reflect direct review posting.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
.github/workflows/copilot-setup-steps.yml	Updates setup workflow to use newer checkout and install gh-aw CLI extension.
.github/workflows/android-tools-reviewer.md	Defines the /review slash-command agentic workflow prompt/instructions and safe-outputs limits.
.github/workflows/android-tools-reviewer.lock.yml	Adds the compiled workflow that runs the agent, threat detection, and safe-outputs submission pipeline.
.github/skills/android-tools-reviewer/scripts/submit_review.cs	Removes the old gh api-based batched review submission script.
.github/skills/android-tools-reviewer/SKILL.md	Updates reviewer methodology to post reviews directly and adds CI-status checking guidance.
.github/copilot-instructions.md	Removes the now-stale reference to running the removed submission script.
.github/aw/actions-lock.json	Introduces pinned SHAs for agentic workflow actions (gh-aw setup).
.github/agents/agentic-workflows.agent.md	Adds a dispatcher agent for creating/updating/debugging gh-aw workflows.
.gitattributes	Marks workflow lock files as generated and configures merges accordingly.

[simonrozsival]

I do not really understand why we added .github/agents/agentic-workflows.agent.md. This is an agent that we would use to create more agentic workflows, but it's not necessary for this workflow, right? Anyway, this PR was good to merge and we can choose to remove this agent definition later.

[jonathanpeppers]

I think the gh aw command creates this file, I must have manually removed when I did this for dotnet/android.