fix: wait for peer checks before OpenCode evidence #355

Merged
seonghobae merged 1 commit into develop from fix/opencode-peer-check-wait
Jun 19, 2026

@seonghobae

Collaborator

Summary

  • restore the naruon peer-check wait before OpenCode locks in failed-check evidence
  • keep OpenCode from waiting on itself while ordinary pending/expected checks finish
  • update the workflow source guard so review-agent contexts stay ignored but peer checks still gate evidence timing

Verification

  • actionlint .github/workflows/opencode-review.yml
  • python3 scripts/checks/verify_supply_chain.py
  • uv run --project services/analysis-engine pytest services/analysis-engine/tests/test_supply_chain_policy.py -q -k 'opencode_review_gate_ignores or opencode_review_unavailable'
  • uv run --project services/analysis-engine ruff format --check services/analysis-engine/tests/test_supply_chain_policy.py
  • git diff --check

Security Notes

  • Untrusted inputs: PR check metadata is read from GitHub GraphQL and used only to decide whether bounded evidence collection should retry.
  • Trust boundary: OpenCode still excludes its own workflow/check and review-agent status contexts, so it does not wait on itself or CodeRabbit/Copilot.
  • Safe failure: GraphQL lookup failure falls back to false and the existing bounded retry/final evidence collection path remains in place.
  • Logging/privacy: no new secrets or user data are logged.
  • Test points: workflow source guard asserts the peer-check wait, self-exclusion, review-agent filtering, and unavailable-provider evidence remain present.
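
The decision described in the Security Notes above, sketched as an added example that is not the workflow's own code: it reads a `statusCheckRollup` response from GitHub GraphQL, skips OpenCode's own check and the review-agent contexts, and returns false on any lookup failure. The workflow and check names, the substring match on agent names, and the `wrap` helper are assumptions made for illustration.

```python
# Added illustration; the three names below are assumptions, not taken from the workflow.
SELF_WORKFLOW = "OpenCode Review"          # assumed workflow name
SELF_CHECK = "opencode-review"             # assumed check-run name
REVIEW_AGENTS = ("coderabbit", "copilot")  # review-agent contexts to ignore

# GitHub GraphQL enums: CheckStatusState values other than COMPLETED, and
# the StatusState values that mean "no result yet".
UNFINISHED_RUN = {"QUEUED", "IN_PROGRESS", "WAITING", "PENDING", "REQUESTED"}
UNFINISHED_STATUS = {"PENDING", "EXPECTED"}
ROLLUP_PATH = ("data", "repository", "pullRequest", "commits", "nodes", 0,
               "commit", "statusCheckRollup", "contexts", "nodes")


def is_ignored(name, workflow=""):
    """True for OpenCode's own check/workflow and for review-agent contexts."""
    if workflow == SELF_WORKFLOW or name == SELF_CHECK:
        return True
    return any(agent in name.lower() for agent in REVIEW_AGENTS)


def peer_checks_pending(response):
    """True only when a peer check on the head commit is still unfinished.

    Any failed or malformed lookup returns False, so the caller falls through
    to its bounded retry / final evidence collection instead of waiting.
    """
    try:
        nodes = response
        for key in ROLLUP_PATH:
            nodes = nodes[key]
        for node in nodes:
            kind = node.get("__typename")
            if kind == "CheckRun":
                run = (node.get("checkSuite") or {}).get("workflowRun") or {}
                workflow = (run.get("workflow") or {}).get("name") or ""
                if (node.get("status") in UNFINISHED_RUN
                        and not is_ignored(node.get("name") or "", workflow)):
                    return True
            elif kind == "StatusContext":
                if (node.get("state") in UNFINISHED_STATUS
                        and not is_ignored(node.get("context") or "")):
                    return True
    except (KeyError, IndexError, TypeError, AttributeError):
        return False
    return False


def wrap(nodes):
    """Build a constructed response in the shape of the rollup query."""
    rollup = {"contexts": {"nodes": nodes}}
    commit = {"commit": {"statusCheckRollup": rollup}}
    return {"data": {"repository": {"pullRequest": {"commits": {"nodes": [commit]}}}}}
```
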

@github-actions

Contributor

OpenCode Review Overview

  • Head SHA: 5cca5aaf7121578a9f4f042e11480873396dd4bf
  • Workflow run: 27818094070
  • Workflow attempt: 1
  • Gate result: OPENCODE_REVIEW_UNAVAILABLE (approval step)

OpenCode Agent did not produce a valid review payload after all current-head GitHub Checks completed.

  • Result: OPENCODE_REVIEW_UNAVAILABLE
  • Reason: OpenCode review attempts did not complete or did not return a valid control block.
  • OpenCode outcomes: primary=failed, fallback=failed, second_fallback=failed

OpenCode runtime evidence:

No blocking review was submitted because this is an agent/runtime failure, not a source-backed code finding.

@seonghobae seonghobae merged commit f8c81a9 into develop Jun 19, 2026
25 checks passed
@seonghobae seonghobae deleted the fix/opencode-peer-check-wait branch June 19, 2026 09:49