fix(maintainer): use affiliation=all so org-owned repos get maintainers

[anderdc]

Problem

gittensor-ai-lab/sparkinfer (and other org-owned repos) showed zero maintainers in the maintainers table. The nightly MaintainerPopulateService logged:

WARN [MaintainerPopulateService] gittensor-ai-lab/sparkinfer: empty maintainer set from GitHub, skipping

Root cause

fetchRepoCollaborators queried GET /repos/{owner}/{repo}/collaborators?affiliation=**direct**, which only returns users explicitly added to the repo. It excludes insiders who get access via a team or org base permission. The other input, /orgs/{org}/members, only exposes public members to the app installation token.

gittensor-ai-lab has no public members (private membership is GitHub's default) and grants repo access without direct collaborator entries — so both inputs returned empty, the maintainer set was empty, and the populate step skipped the repo (it fails closed rather than wipe).

This is not a per-install permission difference (every install has identical app permissions) and not a setup error on the org — it's the affiliation=direct filter being too narrow for org-owned repos.

Fix

Switch the collaborators fetch to affiliation=all. Any insider with repo access — direct collaborator, team-based, or org base permission, plus org owners — is now captured, regardless of org-membership visibility.

This is deliberate and matches the data's contract: the live maintainers table is overlaid on top of GitHub's stored author_association (miners.service.ts: COALESCE(m_author.association, p.author_association)), so it must reproduce the OWNER / MEMBER / COLLABORATOR association semantics. GitHub marks any org insider with repo access as a maintainer regardless of how access was granted — so affiliation=all is the faithful set, not a permission-level reinterpretation.

Why not the alternatives

• Ask the org to make members public — manual, per-person, fixes only this repo, and recurs on every future private org.
• Add org Members: read to the app — forces every org owner to re-approve the install and only helps where the app is installed org-wide.
• Filter to admin/maintain permission — would make the table disagree with GitHub's author_association (which counts read-only members/collaborators as MEMBER/COLLABORATOR), breaking the COALESCE overlay.

Impact

Downstream, maintainer status gates PR-reward exclusion and the maintainer_cut carve-out. With sparkinfer previously showing zero maintainers, its configured maintainer_cut was being silently skipped (carve-out is bypassed when the maintainer set is empty). After this change the carve-out routes correctly and insider PRs are excluded as intended.

Testing

• npm run build (nest build) passes
• prettier + eslint clean on the changed file