fix: improve CLI argument validation for sensitive parameters with dot notation

pr_agent/agent/pr_agent.py

@@ -66,9 +66,9 @@ class PRAgent:
         if args:
             for arg in args:
                 if arg.startswith('--'):
-                    for forbidden_arg in forbidden_cli_args:
                     arg_word = arg.lower()
                     arg_word = arg_word.replace('__', '.')  # replace double underscore with dot, e.g. --openai__key -> --openai.key
+                    for forbidden_arg in forbidden_cli_args:
                         forbidden_arg_word = forbidden_arg.lower()
                         if '.' not in forbidden_arg_word:
                             forbidden_arg_word = '.' + forbidden_arg_word