Add read-only gh CLI permissions to .claude/settings.json #722

@aram356

Context

CLAUDE.md documents PR and issue workflows that use gh (see the "Standard Workflow" and subagents sections — pr-creator, pr-reviewer, issue-creator). However, .claude/settings.json does not allowlist any gh commands, so every read-only inspection (viewing a PR, listing issues, checking CI status) currently prompts the user.

Proposal

Add the following read-only gh subcommands to permissions.allow:

  • Bash(gh pr view:*)
  • Bash(gh pr list:*)
  • Bash(gh pr diff:*)
  • Bash(gh pr checks:*)
  • Bash(gh issue view:*)
  • Bash(gh issue list:*)
  • Bash(gh run view:*)
  • Bash(gh run list:*)
  • Bash(gh repo view:*)

Also add Bash(git show:*) for symmetry with the existing read-only git allowlist (git diff, git log, git status, git branch).

Explicitly excluded

Mutating commands continue to prompt:

  • gh pr create, gh pr comment, gh pr merge, gh pr close, gh pr review
  • gh issue create, gh issue comment, gh issue close
  • gh api (too broad — covers both reads and writes)
  • gh workflow run, gh release create

This matches the existing pattern in the file, which allowlists read-only git/cargo/npm commands but never destructive ones.

Tracked in PR fixing the trailing-comma JSON syntax error in the same file.
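
A policy check for the allowlist proposed above, as an added example that is not part of the original issue or the project's code: it parses the settings text strictly (so a trailing comma fails) and flags any `Bash(...)` allow entry that overlaps a command from the "Explicitly excluded" list. It assumes `Bash(<prefix>:*)` is a prefix match on the command line; `audit_allowlist` and the sample inputs are constructed for illustration.

```python
import json
import re

# Commands the issue lists under "Explicitly excluded": these must keep prompting.
MUST_PROMPT = [
    "gh pr create", "gh pr comment", "gh pr merge", "gh pr close", "gh pr review",
    "gh issue create", "gh issue comment", "gh issue close",
    "gh api", "gh workflow run", "gh release create",
]
# Matches Bash(<prefix>) and Bash(<prefix>:*); group 1 is the command prefix.
RULE = re.compile(r"^Bash\((.*?)(?::\*)?\)$")


def audit_allowlist(settings_text):
    """Return (allow entry, excluded command) pairs that violate the policy."""
    # json.loads is strict: a trailing comma raises json.JSONDecodeError.
    settings = json.loads(settings_text)
    findings = []
    for entry in settings.get("permissions", {}).get("allow", []):
        match = RULE.match(entry)
        if not match:
            continue  # not a Bash rule, out of scope for this check
        allowed = match.group(1).split()
        for cmd in MUST_PROMPT:
            blocked = cmd.split()
            n = min(len(allowed), len(blocked))
            # Overlap in either direction is a finding: "gh pr" covers
            # "gh pr merge", and "gh pr merge --auto" is still a merge.
            if allowed[:n] == blocked[:n]:
                findings.append((entry, cmd))
    return findings


# Constructed sample inputs (not the repository's actual settings file).
PROPOSED = json.dumps({"permissions": {"allow": [
    "Bash(git status:*)", "Bash(git show:*)",
    "Bash(gh pr view:*)", "Bash(gh pr list:*)", "Bash(gh pr diff:*)",
    "Bash(gh pr checks:*)", "Bash(gh issue view:*)", "Bash(gh issue list:*)",
    "Bash(gh run view:*)", "Bash(gh run list:*)", "Bash(gh repo view:*)",
]}})
TOO_BROAD = '{"permissions": {"allow": ["Bash(gh pr:*)", "Bash(gh api:*)"]}}'
TRAILING_COMMA = '{"permissions": {"allow": ["Bash(gh pr view:*)",]}}'

if __name__ == "__main__":
    print("proposed allowlist findings:", audit_allowlist(PROPOSED))
    for entry, cmd in audit_allowlist(TOO_BROAD):
        print(f"{entry} would auto-approve {cmd}")
```

Run against the real file in CI, a non-empty result or a parse error means an allow entry has drifted past the read-only boundary the issue describes.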
