Add explicit handling for non-trusted permission levels

Address review feedback: explicitly handle the fallthrough case in the
permission check to make it clear that triage, read, none, and API errors
are not trusted signals.

Made-with: Cursor

Author: rwgk

.github/workflows/restricted-paths-guard.yml

@@ -123,6 +123,9 @@ jobs:
                 LABEL_ACTION="not needed (collaborator permission is a trusted signal)"
                 TRUSTED_SIGNALS="collaborator_permission:$COLLABORATOR_PERMISSION"
                 ;;
+              *)
+                # triage, read, none, or API error: not a trusted signal
+                ;;
             esac
           fi