ci: add lgtm code reviewer

Author: scastlara

.github/workflows/lgtm.yml

@@ -0,0 +1,50 @@
+name: LGTM Review
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  lgtm-review:
+    if: |
+      github.event.issue.pull_request &&
+      startsWith(github.event.comment.body, '/lgtm review')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if commenter has write access
+        id: check-permission
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          USER=${{ github.event.comment.user.login }}
+          REPO=${{ github.repository }}
+          PERMISSION=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
+            https://api.github.com/repos/$REPO/collaborators/$USER/permission \
+            | jq -r '.permission')
+
+
+          if [[ "$PERMISSION" == "admin" || "$PERMISSION" == "maintain" || "$PERMISSION" == "write" ]]; then
+            echo "HAS_PERMISSION=true" >> $GITHUB_ENV
+          else
+            echo "HAS_PERMISSION=false" >> $GITHUB_ENV
+          fi
+
+      - name: Fail if unauthorized
+        if: env.HAS_PERMISSION == 'false'
+        run: |
+          echo "User ${{ github.event.comment.user.login }} is not authorized to trigger this workflow."
+          exit 1
+
+      - name: Checkout PR code
+        uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ github.event.issue.number }}/merge
+
+      - name: Run LGTM Review
+        run: |
+          docker run --rm elementsinteractive/lgtm-ai \
+          review \
+          --pr-url "https://github.com/${{ github.repository }}/pull/${{ github.event.issue.number }}" \
+          --git-api-key "${{ secrets.GITHUB_TOKEN }}" \
+          --ai-api-key "${{ secrets.AI_API_TOKEN }}" \
+          -vv

lgtm.toml

@@ -0,0 +1,7 @@
+technologies = ["Golang"]
+categories = ["Correctness", "Quality", "Testing", "Security"]
+exclude = ["go.mod", "go.sum"]
+model = "gemini-2.5-flash-preview-*"
+silent = false
+publish = true
+ai_retries = 2