docs: explain org-member review flow for external contributor PRs

[Sayt-0]

Important

Merge #16 first. This PR documents the requester-authorized review flow for external and fork contributor PRs, which only works once #16 (feat(review-pr): authorize review_requested via the requester for external contributors) lands. Merging this ahead of #16 would describe a flow that does not yet function and would briefly contradict the on-main defense-in-depth text that #16 updates.

Summary

Documents the UX for org members handling external and fork contributor PRs across three docs. The flow, with no special commands or workflow inputs:

1. An org member approves the workflow run (GitHub gates Actions on PRs from first-time and external contributors).
2. An org member requests a review from docker-agent via the native review-request UI (PR sidebar, Reviewers).

File	Change
review-pr/README.md	New External and fork contributor PRs section with the full two-step flow
CONTRIBUTING.md	New Automated PR Review section (org members vs external and fork contributors)
README.md	One-line pointer and link in the PR Review Workflow section

Alignment with open PRs

PR	Relationship
#16	Source of the documented behavior. The review is authorized by the requesting org member, not the PR author. This PR's wording matches that model.
#13	Compatible. The "only triage or write access can request a reviewer" phrasing matches #13's GitHub-native enforcement framing.

Conflict avoidance

Changes are additive. The new section in review-pr/README.md is inserted before Customizing, outside the regions #16 and #13 edit (the "What you get" trigger table and the defense-in-depth blockquote), so it merges cleanly against both.

Validation

Check	Result
Merges cleanly against #16 and #13 (additive, non-overlapping regions)	yes
Em-dash, double-hyphen, or emoji in added prose	none
Cross-file anchor links resolve (#external-and-fork-contributor-prs)	yes
Markdown lists, links, and backticks valid	yes