Security-review patch for ClawHub.\n\n- Replaces over-broad no-network/local-only claims with accurate package-level template safety metadata.\n- Adds explicit consent gates before project inspection, file generation, credential collection, live API routing, webhooks, and production-impacting actions.\n- Adds least-privilege, short-lived token guidance for XCLOUD_API_TOKEN.\n- Adds branch, backup, staging, and final-confirmation guidance for production deployments.\n- Regenerates .clawhubsafe checksums.