fix(validate-pr): Allow trusted bots and service accounts to bypass validation

Adds an allowlist of trusted bots and service accounts that are exempt
from issue reference validation. Prevents dependabot, renovate, and
internal release bots from being automatically closed.

The allowlist is managed centrally in validate-pr.js — SDK repos pick
up changes via SHA bumps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: stephanie-anderson

validate-pr/scripts/validate-pr.js

@@ -17,6 +17,21 @@ module.exports = async ({ github, context, core }) => {
   const prAuthor = pullRequest.user.login;
   const contributingUrl = `https://github.com/${repo.owner}/${repo.repo}/blob/${context.payload.repository.default_branch}/CONTRIBUTING.md`;
 
+  // --- Step 0: Skip allowed bots and service accounts ---
+  const ALLOWED_BOTS = [
+    'codecov-ai[bot]',
+    'dependabot[bot]',
+    'fix-it-felix-sentry[bot]',
+    'getsentry-bot',
+    'github-actions[bot]',
+    'javascript-sdk-gitflow[bot]',
+    'renovate[bot]',
+  ];
+  if (ALLOWED_BOTS.includes(prAuthor)) {
+    core.info(`PR author ${prAuthor} is an allowed bot. Skipping validation.`);
+    return;
+  }
+
   // --- Helper: check if a user has admin or maintain permission on a repo (cached) ---
   const maintainerCache = new Map();
   async function isMaintainer(owner, repoName, username) {