security: limit @claude triggers to comments only

Remove issue creation/assignment and PR review submission events,
keeping only comment-based triggers. This reduces the event surface
area and ensures @claude is only invoked through explicit comment
mentions, making it harder to trigger accidentally.

Author: bosconi

.github/workflows/claude.yml

@@ -5,10 +5,6 @@ on:
     types: [created]
   pull_request_review_comment:
     types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
 
 jobs:
   claude:
@@ -21,14 +17,6 @@ jobs:
         github.event_name == 'pull_request_review_comment' &&
         contains(github.event.comment.body, '@claude') &&
         contains('OWNER,MEMBER,COLLABORATOR', github.event.comment.author_association)
-      ) || (
-        github.event_name == 'pull_request_review' &&
-        contains(github.event.review.body, '@claude') &&
-        contains('OWNER,MEMBER,COLLABORATOR', github.event.review.author_association)
-      ) || (
-        github.event_name == 'issues' &&
-        (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
-        contains('OWNER,MEMBER,COLLABORATOR', github.event.issue.author_association)
       )
     runs-on: ubuntu-latest
     permissions: