add ask-bonk workflows

[elithrar]

Add two ask-bonk GitHub Actions workflows, both restricted to CODEOWNERS only.

bonk.yml -- comment-triggered workflow. Responds to /bonk or @ask-bonk mentions in issue comments, PR comments, and PR reviews. Uses contents: write so it can push changes when asked. Mirrors the cloudflare-docs bonk.yml.

new-pr-review.yml -- auto-reviews new PRs when opened (non-fork only). Uses contents: read (review-only, no auto-fixes). Custom prompt tailored for workerd code review:

• C++ quality (KJ patterns, ownership, lifetime safety)
• backward compat violations (missing compat flags)
• autogate usage for risky changes
• security (sandbox escapes, capability leaks, input validation)
• Cap'n Proto wire compat
• JSG binding correctness
• Node.js compat layer behavior
• Bazel BUILD correctness

Skips formatting issues (clang-format handles those). Responds with LGTM when there are no actionable issues.

Required secrets (need to be configured if not already present):

• CF_AI_GATEWAY_ACCOUNT_ID
• CF_AI_GATEWAY_NAME
• CF_AI_GATEWAY_TOKEN

[codspeed-hq]

Merging this PR will degrade performance by 16.23%

❌ 1 regressed benchmark
✅ 69 untouched benchmarks
⏩ 129 skipped benchmarks¹

⚠️ Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
❌	jsonResponse[Response]	39.9 µs	47.6 µs	-16.23%

---

_{Comparing add-bonk-workflows (dfbe3a5) with main (69ab367)}

Footnotes

1. 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[jasnell]

We can give this a shot but I'm not sure this is nuanced enough... this may likely end up flagging intentional stubs as issues.

[danlapid]

Then we edit it

[elithrar]

We need an AGENTS.md as well here - if we can get that here we can trim this down too!