Post issue-bot results as a PR comment

[ondrejmirtes]

Summary

• Posts and maintains a single PR comment with the issue-bot's findings for each PR run, identified across runs by a <!-- phpstan-issue-bot --> marker.
• At workflow start, if a prior bot comment already exists, replaces its body with a "run in progress, view job" notice. If none exists yet, nothing is posted (we don't know yet whether changes will be reported).
• At workflow end:
  • Changes detected (exit 2): create or update the comment with the markdown report (same content currently sent to $GITHUB_STEP_SUMMARY).
  • No changes (exit 0): update the existing comment to note no changes; if no comment exists, skip.
• Uses the default GITHUB_TOKEN (no PHPSTAN_BOT_TOKEN needed). pull-requests: write is granted only to the two new comment-posting jobs (pr-comment-init, pr-comment-finalize) — the workflow default is contents: read. The push-mode flow (commenting on GitHub issues after merge to 2.2.x) is untouched.

Test plan

• Open a draft PR with no changes affecting issue-bot snippets → no PR comment is posted.
• Open a draft PR that does change snippet results → a comment with the report appears after the run completes.
• Push another commit to that PR → pr-comment-init updates the existing comment to "run in progress" within ~10s; final state is replaced when the new run finishes (either the new report, or a "no changes" notice).
• Confirm the ::notice :: annotation still appears for change-detected PRs.
• Confirm push events to 2.2.x continue to post per-issue comments via PHPSTAN_BOT_TOKEN (push pathway is byte-identical aside from the new top-level permissions: default).

🤖 Generated with Claude Code