chore: add Copilot code review instructions

[Reese-max]

Summary

Add .github/copilot-instructions.md to guide Copilot's automated PR reviews with OpenAB-specific context.

Motivation

Copilot code review currently uses generic analysis. With project-specific instructions, it can focus on what matters for OpenAB:

• ACP protocol correctness — JSON-RPC routing, notification handling, timeout values
• Concurrency safety — atomic fields, Mutex across await points, session pool lock scope
• Discord API constraints — 2000 char message limit, 3s autocomplete deadline
• Skip CI-covered checks — no redundant rustfmt/clippy/test comments

Design Decisions

Modeled after block/goose's production-grade instructions (widely referenced as best practice).

Key choices:

• >80% confidence threshold — silence over noise
• "Skip These" section — explicitly tell Copilot what NOT to flag
• CI awareness — list exact CI commands so Copilot doesn't duplicate
• 3440 / 4000 chars — within Copilot's read limit

Changes

File	Change	Description
.github/copilot-instructions.md	NEW	67 lines, 3440 chars — review philosophy, priority areas, skip list

[Copilot]

Pull request overview

Adds a repository-scoped .github/copilot-instructions.md to steer automated Copilot PR reviews toward OpenAB’s most important correctness/concurrency/protocol concerns and away from CI-covered noise.

Changes:

• Introduce Copilot review philosophy (high-confidence, concise, actionable).
• Document OpenAB-specific focus areas (ACP JSON-RPC correctness, async concurrency, Discord constraints, config/deployment).
• Add “Skip” guidance aligned with CI checks to reduce redundant comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Reese-max]

@copilot apply changes based on the comments in this thread

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The CI section is currently inaccurate: this repo’s CI runs cargo check, cargo clippy -- -D warnings, and cargo test, but does not run cargo fmt --check nor cargo clippy --all-targets (see .github/workflows/ci.yml). Consider updating this section (or adding a fmt check to CI) so Copilot doesn’t skip formatting/lint feedback based on a false assumption.

[Copilot]

The guidance "unwrap() in non-test code is always a bug" conflicts with the earlier note that some existing production code still uses unwrap/expect (e.g., src/config.rs:176, src/discord.rs:27/121), and would likely cause noisy reviews; consider narrowing it to flag newly introduced unwrap/expect in fallible paths rather than treating all uses as automatic bugs.

Suggested change

	- Incorrect error propagation — `unwrap()` in non-test code is always a bug
	- Incorrect error propagation — newly introduced `unwrap()`/`expect()` in fallible non-test production paths should usually be flagged unless failure is intentionally impossible and clearly justified

[Copilot]

Given the repo already documents a real ACP interop pitfall where session/request_permission auto-replies without the required outcome wrapper (see docs/steering/triage.md and current implementation in src/acp/connection.rs), consider making this instruction more specific about validating the response shape (not just that a response exists) to prevent repeating that protocol bug.

Suggested change

	- `session/request_permission` must always get a response (auto-allow or forwarded)
	- `session/request_permission` must always get a protocol-valid response (auto-allow or forwarded); verify the response shape matches ACP expectations, including the required `outcome` wrapper, not just that some response exists