ComposerLockDiff can overwrite a manually edited change in a PR description

[deviantintegral]

The ComposerLockDiff job is subject to a race condition, where a user's changes can be reverted:

1. A PR is opened and jobs start.
2. As the job runs, the job downloads a copy of the pull request description.
3. The author edits the PR description and saves it.
4. After processing, the job pushes up its copy of the PR description, missing the changes from step 3.

This could also go the other way, where a manual edit removes the lock diff table.

Surprisingly, this is actually a limitation of GitHub. There's no way to pass in a version ID, timestamp, or anything to ensure an underlying field of a pull request hasn't changed. Last edit wins: https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#update-a-pull-request

Instead, the job should post a comment and place its information in it. That way, there's far less of an expectation that users need to manually edit the contents.

[davereid]

I just ran into this today where I was editing a PR body and had my changes lost without any recovery.

[davereid]

Anything that needs to be updated automatically should likely be done in a sticky pull request comment.

[davereid]

I've used https://github.com/marocchino/sticky-pull-request-comment for this in the past.

[justafish]

Closing in favour of #332