fix: address review feedback on PR #93

- Fix Retry-After slice mutation: copy c.RetryBackoff before modifying
  to prevent permanent mutation of the shared slice (sonnet#1, security#1)
- Cap Retry-After to 120s maximum to prevent excessive sleeps (security#2)
- Guard auth header: only set Authorization when token is non-empty (gpt#2)
- Fix GetFileContent doc comment to match actual behavior (sonnet#3, gpt#1)
- Remove dead 'in_progress/queued' case in mapCheckRunStatus (sonnet#4)
- Add testing.Short() guard to slow retry test (sonnet#5)
- Reject dot-segments in escapePath to prevent path traversal (security#3)
- Add regression tests for non-mutation and escapePath safety

github/client_test.go

@@ -185,6 +185,9 @@ func TestIsUnauthorized(t *testing.T) {
 }
 
 func TestDoRequest_429RetryAfterHeader(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping slow retry test in short mode")
+	}
 	attempts := 0
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		attempts++
@@ -222,3 +225,39 @@ func TestDoRequest_429RetryAfterHeader(t *testing.T) {
 		t.Errorf("expected ~1s delay from Retry-After, got %v", elapsed)
 	}
 }
+
+func TestDoRequest_RetryAfterDoesNotMutateBackoff(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping slow retry test in short mode")
+	}
+	attempts := 0
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		attempts++
+		if attempts == 1 {
+			w.Header().Set("Retry-After", "1")
+			w.WriteHeader(429)
+			w.Write([]byte(`{"message":"rate limit"}`))
+			return
+		}
+		w.WriteHeader(200)
+		w.Write([]byte(`{"ok":true}`))
+	}))
+	defer srv.Close()
+
+	c := NewClient("token", srv.URL)
+	c.SetHTTPClient(srv.Client())
+	c.RetryBackoff = []time.Duration{1 * time.Millisecond, 1 * time.Millisecond}
+
+	_, err := c.doGet(context.Background(), srv.URL+"/test")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// Verify the original RetryBackoff slice was not mutated
+	if c.RetryBackoff[0] != 1*time.Millisecond {
+		t.Errorf("RetryBackoff[0] was mutated: got %v, want 1ms", c.RetryBackoff[0])
+	}
+	if c.RetryBackoff[1] != 1*time.Millisecond {
+		t.Errorf("RetryBackoff[1] was mutated: got %v, want 1ms", c.RetryBackoff[1])
+	}
+}