fix: improve CLI argument validation for sensitive parameters with dot notation

pr_agent/agent/pr_agent.py

@@ -66,9 +66,9 @@ class PRAgent:
         if args:
             for arg in args:
                 if arg.startswith('--'):
+                    arg_word = arg.lower()
+                    arg_word = arg_word.replace('__', '.')  # replace double underscore with dot, e.g. --openai__key -> --openai.key
                     for forbidden_arg in forbidden_cli_args:
-                        arg_word = arg.lower()
-                        arg_word = arg_word.replace('__', '.') # replace double underscore with dot, e.g. --openai__key -> --openai.key
                         forbidden_arg_word = forbidden_arg.lower()
                         if '.' not in forbidden_arg_word:
                             forbidden_arg_word = '.' + forbidden_arg_word