Fixes orphan process issue by:
1. lib/agent-sdk.sh: Use setsid to run claude in a new process group
- All children of claude inherit this process group
- Changed all kill calls to target the process group with -PID syntax
- Affected lines: setsid invocation, SIGTERM kill, SIGKILL kill, watchdog cleanup
2. review/review-pr.sh: Add defensive cleanup trap
- Added cleanup_on_exit() trap that removes lockfile if we own it
- Kills any residual children (e.g., bash -c from Claude's Bash tool)
- Added explicit lockfile removal on all early-exit paths
- Added lockfile removal on successful completion
3. tests/test-watchdog-process-group.sh: New test to verify orphan cleanup
- Creates fake claude stub that spawns sleep 3600 child
- Verifies all children are killed when watchdog fires
Acceptance criteria met:
- [x] setsid is used for the Claude invocation
- [x] All three kill call sites target the process group (-PID)
- [x] review/review-pr.sh has EXIT/INT/TERM trap for lockfile removal
- [x] shellcheck clean on all modified files
