feat(ncu-ci): parse comments to find a safe commit

[aduh95]

Currently, the request-ci only works for approved PRs. This is annoying because:

• collaborators cannot approve their own PRs, and have to wait for someone else to approve their PR for them, or start the CI manually.
• it gives an incentive to approve a PR just to run the CI rather than because the collaborator actually supports it.

There have been suggestions to use PR author, or PR head repo owner, or commit signature, or a combination of the three – but I don't really like that idea, because:

• it doesn't help for PRs from non-collaborators.
• we should care about who is requesting the CI, not who's proposing the change.

IIUC comments are not editable by triagers, so should be a safe way to determine a safe SHA for unapproved PRs.