fix: issue-triage workflow fails due to shell-quote parsing of --allowedTools

[keeb]

Description

The /triage command fails on all issues since #852 hardened the --allowedTools patterns.

Root Cause

claude-code-action uses shell-quote to parse claude_args. The unquoted Bash(...) patterns containing spaces get mangled:

1. Parentheses () are treated as shell operators and stripped
2. Spaces inside patterns cause word-splitting — e.g. Bash(gh api --method POST:*/reactions) becomes separate tokens
3. --method from inside a Bash pattern gets parsed as a standalone CLI flag, corrupting the argument structure
4. Claude Code exits with code 1

The workflow logs from #902's triage attempt confirm the allowed tools were parsed as ["Read", "Glob", "Grep", "Bash", "gh", "issue", "api"] instead of the intended Bash(...) patterns.

Fix

Wrap the --allowedTools value in single quotes so shell-quote preserves it as a single token.

Introduced In

#852 (commit 8eab7fe)