Restrict reply agent shell permissions to comments endpoint

Narrow gh api permission from wildcard to just the PR comments
endpoint. Also add jq permission needed for JSON body construction.

Author: derekmisler

review-pr/agents/pr-review-reply.yaml

@@ -93,6 +93,7 @@ agents:
 
 permissions:
   allow:
-    - shell:cmd=gh api *
+    - shell:cmd=gh api repos/*/pulls/*/comments*
+    - shell:cmd=jq *
     - shell:cmd=grep *
     - shell:cmd=cat *