fix(ci): grant required permissions to Claude review workflows

[wkoutre]

Summary

• Fix startup_failure: Replace permissions: {} in claude-code-review.yml and claude-pr-metadata-update.yml with the explicit set the reusable workflows in Uniswap/ai-toolkit require. The empty scope was capping the GITHUB_TOKEN delegated to the called workflow at no permissions, which the reusable workflow's job-level permissions: block cannot satisfy, so every recent run terminated as startup_failure before producing any job (e.g. https://github.com/Uniswap/protocol-fees/actions/runs/25402872564). The pattern matches Uniswap/initializer (also permissions: {}, also fails every run); Uniswap/universal-router (no permissions: block, inherits repo default) and Uniswap/universe (explicit permissions block) both run the same reusable workflow successfully.
• Fix invalid model: model: "claude-opus-4-5" is not a real Anthropic model; bumped to claude-opus-4-6.
• Bump pinned ai-toolkit SHA in both workflows from 9aa3cf98744a2b4e1aac51cd2d26144ea337ab3b to 96ef665ba04221de07e94fcc3ea69fe32c7cf306 (current Uniswap/ai-toolkit main tip). For the metadata workflow this is a clean bump (inputs schema unchanged). For the review workflow:
  • The new SHA replaced custom_prompt / custom_prompt_path with granular prompt_override_* inputs (one per prompt section). Dropped custom_prompt_path so the workflow falls back to the toolkit's curated default prompt. Splitting .claude/prompts/claude-pr-review.md into prompt_override_review_priorities, prompt_override_files_to_skip, prompt_override_communication_style, etc. can land as a follow-up using the pattern in Uniswap/universe and Uniswap/sdks.
  • Bumped contents permission from read to write: the new SHA's job-level permissions request contents: write to support the auto_fix feature.

Test plan

• On this PR, confirm [claude] Claude Code Review and [claude] Generate PR Title & Description complete without startup_failure.
• Confirm Claude posts a review (or a COMMENT-level review) on this PR.
• Confirm the metadata workflow generates / updates the PR description.

[github-actions]

🤖 Claude Code Review

🔄 Review in progress... Claude is analyzing this pull request. If a review can be seen below, it will be replaced by the results of this one.

_{⏱️ Reviews typically complete within 5-15 minutes depending on PR size.}

Waiting for review to complete...

---

_{💡 Want a fresh review? Add a comment containing @request-claude-review to trigger a new review at any time.}

[github-actions]

🤖 Claude PR Metadata Generation

Status: ❌ Error
Job: View workflow run

---

⚠️ Generation Failed

The automated PR title and description generation encountered an error.

Next Steps:

1. Check the workflow logs for details
2. Verify the GitHub Actions configuration
3. Ensure the Anthropic API key is valid

---

You can manually set the PR title and description, or re-trigger by pushing a new commit.

[github-actions]

🤖 Claude Code Review

Status: ⚠️ Partial (script error)
Job: View workflow run

---

The review was completed but there was an error posting inline comments.

Raw Review Output

No review output available

---

Please check the workflow logs for details.

[github-actions]

🤖 Claude Code Review

Status: ❌ Error
Job: View workflow run

---

⚠️ Review Failed

The automated code review encountered an error and could not complete.

Next Steps:

1. Check the workflow logs for details
2. Verify the GitHub Actions configuration
3. Ensure the Anthropic API key is valid
4. Check for any permission issues

If the problem persists, please contact your repository administrator.

---

You can manually re-trigger the review by pushing a new commit or re-running the workflow.