grant pull-requests: write to PR quality checks workflow

[thewatermethod]

Description of change

Fixes the pr-quality-checks workflow so both diff_size_check and review_count_check actually post their advisory comments. They had been silently 403'ing with Resource not accessible by integration and the try/catch swallowed the failure, so the workflow reported success while no comment was ever posted.

Root cause: PR conversation comments are governed by the pull-requests permission scope, not issues — even when created via POST /repos/{owner}/{repo}/issues/{number}/comments. The workflow had pull-requests: read. (#3688 had upgraded issues: write, which is the wrong scope.)

Changes:

• Grant pull-requests: write (load-bearing fix).
• Add non-leaky diagnostics: a core.info preamble (event, action, repo, PR#, base ref, cross-repo flag) and an enriched catch that logs e.status and e.request.url. No tokens, secrets, headers, or response bodies are logged.
• Revert on: pull_request_target → on: pull_request (reverting [TTAHUB-5460] Update quality_check workflows to use correct permissions #3708). With the real bug now understood as a permission scope issue, the pull_request_target trade-off has no practical benefit for this repo's all-internal-branch contribution model, and pull_request lets the workflow be exercised pre-merge on the PR branch.

How to test

Already validated on this PR:

• Successful run: https://github.com/HHS/Head-Start-TTADP/actions/runs/28031050059
• Both marker comments are now visible on this PR from github-actions[bot]:
  • <!-- pr-quality-diff-size --> — ✅ within threshold
  • <!-- pr-quality-review-count --> — ⚠️ 0 of 2 required approvals

Jira Issue(s)

• https://jira.acf.gov/browse/TTAHUB-5491

Checklists

Every PR

• Linked Jira issue
• JIRA issue status updated
• Code is meaningfully tested
• Meets accessibility standards (WCAG 2.1 Levels A, AA)
• API Documentation updated
• Boundary diagram updated
• Logical Data Model updated
• Architectural Decision Records written for major infrastructure decisions
• UI review complete
• QA review complete

Before merge to main

• OHS demo complete
• Ready to create production PR

After merge/deploy

• Update JIRA ticket status

[github-actions]

✅ Diff size: 20 lines — within the 500-line guideline.

[github-actions]

✅ Review count: 2 human approvals — tommaroh, AdamAdHocTeam.

[Copilot]

Pull request overview

This PR updates the PR Quality Checks GitHub Actions workflow to reliably post (or update) advisory PR conversation comments for diff size and required review count, by correcting the workflow token permission scope and improving failure diagnostics.

Changes:

• Switch trigger back to pull_request and update job if: conditions accordingly.
• Grant pull-requests: write permission (required for posting PR conversation comments).
• Add lightweight core.info context logging and enrich catch logs with HTTP status + request URL.

Impact assessment (benefit/risk):

• Benefit: High — restores intended automated PR feedback and adds actionable diagnostics for failures.
• Risk: Medium — workflow trigger/permission changes affect CI behavior and can regress review-comment updating if event gating is incorrect.