fix(ci): Use role_name instead of permission for maintainer check

The GitHub API's permission field uses legacy values where the
maintain role is mapped to write, making it impossible to distinguish
maintainers from regular write-access users. The role_name field
provides the actual assigned role.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: stephanie-anderson

.github/workflows/close-unvetted-pr.yml

@@ -41,7 +41,9 @@ jobs:
                   repo: repoName,
                   username,
                 });
-                result = ['admin', 'maintain'].includes(data.permission);
+                // permission field uses legacy values (admin/write/read/none) where
+                // maintain maps to write. Use role_name for the actual role.
+                result = ['admin', 'maintain'].includes(data.role_name);
               } catch {
                 // noop — result stays false
               }