fix: Limit HTTP error response body reads to prevent OOM

[evilgensec]

Problem

Two paths in github.go read HTTP error response bodies with no size limit:

// CheckResponse — fires on every non-2xx API response
data, err := io.ReadAll(r.Body)

// AcceptedError handler in bareDo — fires on 202 Accepted
b, readErr := io.ReadAll(resp.Body)

A server returning a very large error body causes the client process to exhaust memory. The webhook payload path already applies a 25 MiB limit via io.LimitReader in messages.go; the error-response paths had no equivalent guard.

Fix

Wrap both reads with io.LimitReader capped at maxErrorBodySize (1 MiB):

data, err := io.ReadAll(io.LimitReader(r.Body, maxErrorBodySize))
b, readErr := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodySize))

All existing tests pass.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.71%. Comparing base (6c643b8) to head (499cf82).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #4191   +/-   ##
=======================================
  Coverage   93.71%   93.71%           
=======================================
  Files         209      209           
  Lines       19770    19770           
=======================================
  Hits        18527    18527           
  Misses       1046     1046           
  Partials      197      197           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.