feat(comment): auto-collapse spam comments behind env flag

[mashbean]

What

Comments are scored by the dedicated comment spam model (#4838), and ops has set MATTERS_COMMENT_SPAM_DETECTION_API_URL in dev+prod — but nothing yet acts on the stored spamScore. This wires the action.

Articles already auto-demote spam from listings via the excludeSpam modifier + the tunable system spam threshold. This adds the comment equivalent, using the softer collapsed state (folded but still expandable in-thread) rather than removal — per the platform's 「不刪除，只是不再被看見」 governance principle.

How

In commentService.detectSpam, after storing the score, when MATTERS_COMMENT_SPAM_AUTO_COLLAPSE=true:

• fetch the tunable system spam threshold (SystemService.getSpamThreshold),
• collapse the comment only if it's currently active and its score reaches the threshold,
• skip authors on the bypassSpamDetection whitelist (same carve-out as articles).

Gated behind a new env flag, default off → scoring stays observe-only until ops opts in. Zero-downtime, same rollout pattern as #4838. Collapse is reversible; no deletion.

Design notes / open questions for review

• Collapse vs exclude: articles exclude from listings (read-time); comments have a richer state model so I chose collapse (write-time state change) as the closest fit to 「不再被看見」. Open to read-time demotion instead if the team prefers symmetry with articles.
• Statement of reasons: not wired here. The restored reasons.py (conformal work, spam-detection-serverless#feat/conformal-abstention) produces DSA Art.17 statements; a follow-up could persist one on collapse.
• Relationship to the 海巡 bot: the bot is the external arm (reports/removes via Community Watch); this is the native server-side arm. They're complementary and can run together.

Test plan

• Unit test: score ≥ threshold + active + not whitelisted → collapsed
• No-op when flag off / score < threshold / already collapsed / whitelisted author
• Verify on staging with flag on before any prod enablement

🤖 Generated with Claude Code

[codecov]

Codecov Report

❌ Patch coverage is 80.95238% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.04%. Comparing base (85bdbe1) to head (3200027).
⚠️ Report is 40 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/connectors/commentService.ts	80.95%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #4843      +/-   ##
===========================================
+ Coverage    72.82%   73.04%   +0.21%     
===========================================
  Files         1054     1066      +12     
  Lines        21263    21659     +396     
  Branches      4671     4816     +145     
===========================================
+ Hits         15485    15821     +336     
+ Misses        5706     5357     -349     
- Partials        72      481     +409     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.