
feat(security): add content scanning for SKILL.md files #6

Merged: mrgoonie merged 2 commits into main from feat/security-content-scanning on Mar 5, 2026

Conversation

@mrgoonie (Contributor) commented Mar 5, 2026

Summary

Add content security scanning to detect prompt injection, invisible characters, and suspicious patterns in SKILL.md files at registration time.

  • Content scanner (content-scanner.ts): Pure function detecting DANGER patterns (invisible Unicode, ANSI escapes, prompt injection, JS protocol URLs, shell injection) and CAUTION patterns (HTML tags, URL shorteners, base64 blocks, env access)
  • DB migration: Added risk_label column to skills table (safe/caution/danger/unknown)
  • Register API: Sanitizes content (strips zero-width chars + ANSI) then scans before insert
  • Skill detail API: Lazy-fetch path also scans + sanitizes
  • CLI: Warning banners for caution/danger skills, content boundary markers in raw mode with risk metadata
  • Web UI: ShieldAlert warning banners + risk badge on skill detail page

Policy: warn + display, never block. Scanner is regex-based — catches low-hanging fruit, not APT-level attacks.

Phase 5 of the Identifier Redesign + Security plan.

Test plan

  • Build succeeds (pnpm build for both web and CLI)
  • Register a clean skill → risk_label = "safe"
  • Register skill with invisible Unicode → risk_label = "danger", chars stripped
  • CLI shows red WARNING banner for danger skills
  • CLI raw mode wraps content with boundary markers including risk label
  • Web skill detail shows ShieldAlert banner for caution/danger
  • Web content renderer shows risk badge
  • Existing seeded skills unaffected (default "unknown", no warnings)
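The scanner and sanitizer described in the PR, as an added example in TypeScript; this is not the PR's own content-scanner.ts, and the pattern lists, the result shape, and the boundary-marker format are this example's assumptions. One deliberate choice: the raw content is scanned before the invisible characters are stripped, so that stripped characters still count toward the risk label, which matches the test-plan expectation that a skill containing invisible Unicode is labelled "danger" and has those characters removed.

```typescript
// Added example (not the PR's content-scanner.ts): a minimal regex-based scanner
// and sanitizer for SKILL.md content using the safe / caution / danger labels
// and the "warn and display, never block" policy described in the PR.

export type RiskLabel = "safe" | "caution" | "danger";

export interface Finding {
  severity: "danger" | "caution";
  name: string;
  line: number; // 1-based line number in the scanned content
}

export interface ScanResult {
  riskLabel: RiskLabel;
  findings: Finding[];
}

interface NamedPattern {
  name: string;
  re: RegExp; // no "g" flag, so .test() is stateless
}

// Characters that render as nothing but can carry hidden text: zero-width
// space/joiners, word joiner, BOM, soft hyphen, and the Unicode TAG block.
const INVISIBLE_RE = /[\u200B-\u200D\u2060\uFEFF\u00AD]|[\u{E0000}-\u{E007F}]/u;
// ANSI CSI sequences (colours, cursor movement) that can alter terminal output.
const ANSI_RE = /\u001B\[[0-9;?]*[ -\/]*[@-~]/;

// DANGER: content that can hide instructions or change what the reader sees.
const DANGER_PATTERNS: NamedPattern[] = [
  { name: "invisible-unicode", re: INVISIBLE_RE },
  { name: "ansi-escape", re: ANSI_RE },
  { name: "prompt-injection", re: /\b(ignore|disregard)\s+(all\s+)?(previous|prior|above)\s+instructions\b/i },
  { name: "js-protocol-url", re: /\bjavascript:/i },
  { name: "pipe-to-shell", re: /\b(curl|wget)\b[^\n]*\|\s*(ba|z)?sh\b/i },
];

// CAUTION: legitimate in some skills, but worth a visible warning.
const CAUTION_PATTERNS: NamedPattern[] = [
  { name: "html-tag", re: /<\/?[a-z][^>]*>/i },
  { name: "url-shortener", re: /\bhttps?:\/\/(bit\.ly|tinyurl\.com|t\.co)\//i },
  { name: "base64-block", re: /(?:[A-Za-z0-9+\/]{4}){16,}={0,2}/ },
  { name: "env-access", re: /\$\{?[A-Z_][A-Z0-9_]*\}?|process\.env\./ },
];

// Pure function: scans line by line and returns the label plus every finding.
export function scanContent(content: string): ScanResult {
  const findings: Finding[] = [];
  content.split(/\r?\n/).forEach((line, i) => {
    for (const p of DANGER_PATTERNS) {
      if (p.re.test(line)) findings.push({ severity: "danger", name: p.name, line: i + 1 });
    }
    for (const p of CAUTION_PATTERNS) {
      if (p.re.test(line)) findings.push({ severity: "caution", name: p.name, line: i + 1 });
    }
  });
  const riskLabel: RiskLabel = findings.some((f) => f.severity === "danger")
    ? "danger"
    : findings.length > 0 ? "caution" : "safe";
  return { riskLabel, findings };
}

// Strips zero-width / invisible characters and ANSI escapes; everything else is kept.
export function sanitizeContent(content: string): string {
  return content
    .replace(/[\u200B-\u200D\u2060\uFEFF\u00AD]|[\u{E0000}-\u{E007F}]/gu, "")
    .replace(/\u001B\[[0-9;?]*[ -\/]*[@-~]/g, "");
}

// Registration path: label the raw content, then store the sanitized version.
// (Scanning first is this example's choice so stripped characters still count.)
export function prepareForRegistration(raw: string): { content: string } & ScanResult {
  const scan = scanContent(raw);
  return { content: sanitizeContent(raw), riskLabel: scan.riskLabel, findings: scan.findings };
}

// Boundary markers for raw CLI output so a consumer can tell skill content from
// the tool's own output. The marker format is an assumption of this example.
export function wrapWithBoundary(content: string, riskLabel: RiskLabel): string {
  return `<!-- SKILL CONTENT BEGIN risk=${riskLabel} -->\n${content}\n<!-- SKILL CONTENT END -->`;
}

// Constructed sample inputs (not real skills).
export const SAMPLE_CLEAN = "# Deploy helper\n\nRun the deploy script and check the logs.\n";
export const SAMPLE_INVISIBLE = "# Deploy helper\n\nRun the deploy\u200B script.\n"; // hidden zero-width space
export const SAMPLE_CAUTION = "See <b>docs</b> at https://bit.ly/example\n";
```

Because every finding carries a line number, the CLI and web banners can point at the offending line instead of only showing the label; a clean skill yields no findings and the label "safe", which is what the test plan expects for the default path.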

mrgoonie added 2 commits March 5, 2026 15:56
Implement security scanning layer for SKILL.md content with risk labels,
sanitization, and UI warnings. Includes database schema updates, API
integration, CLI warnings, and comprehensive documentation.
@mrgoonie mrgoonie merged commit ef47ca4 into main Mar 5, 2026