
fix(sec-core): resolve Skill Ledger FUSE and unmanaged roots#1141

Open
1570005763 wants to merge 4 commits into alibaba:main from 1570005763:codex/skill-ledger-user-decision

Conversation

@1570005763

Collaborator

Description

Fix Skill Ledger runtime exposure for SkillFS/FUSE-visible skill paths and unmanaged skill roots.

  • resolve user-visible FUSE paths to the managed source/backing root before running live-root checks or writing activation state
  • keep default skill directories out of live-root source resolution so FUSE views are not trusted as managed roots
  • make skill-ledger show return an unmanaged diagnostic with exit 0 for roots the current daemon cannot manage
  • keep hooks silent for unmanaged roots because message is null, while preserving normal risk prompts for managed roots

Related Issue

closes #1115

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional change)
  • Performance improvement
  • CI/CD or build changes

Scope

  • cosh (copilot-shell)
  • sec-core (agent-sec-core)
  • skill (os-skills)
  • sight (agentsight)
  • tokenless (tokenless)
  • ckpt (ws-ckpt)
  • memory (agent-memory)
  • anolisa (anolisa-cli)
  • skillfs (SkillFS)
  • Multiple / Project-wide

Checklist

  • I have read the Contributing Guide
  • My code follows the project's code style
  • I have added tests that prove my fix is effective or that my feature works
  • I have updated the documentation accordingly
  • For cosh: Lint passes, type check passes, and tests pass
  • For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
  • For sec-core (Python): Ruff format and pytest pass
  • For skill: Skill directory structure is valid and shell scripts pass syntax check
  • For sight: cargo clippy -- -D warnings and cargo fmt --check pass
  • For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
  • For memory (Linux only): cargo clippy --all-targets -- -D warnings, cargo fmt --check, and cargo test pass
  • For anolisa: cargo clippy --all-targets --locked -- -D warnings, cargo fmt --all --check, and cargo test --locked pass
  • For skillfs: cargo fmt --all --check, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace pass
  • Lock files are up to date (package-lock.json / Cargo.lock)

Testing

  • uv run --project src/agent-sec-core/agent-sec-cli pytest src/agent-sec-core/tests/unit-test/skill_ledger src/agent-sec-core/tests/integration-test/skill-ledger/test_skill_ledger_integration.py src/agent-sec-core/tests/unit-test/security_middleware/backends/test_skill_ledger_backend.py src/agent-sec-core/tests/unit-test/cosh_hooks/test_skill_ledger_hook.py src/agent-sec-core/tests/unit-test/hermes-plugin/test_skill_ledger.py src/agent-sec-core/tests/unit-test/daemon/test_skill_ledger_activation.py -q
  • make python-code-pretty from src/agent-sec-core
  • uv run --project src/agent-sec-core/agent-sec-cli ruff check --config src/agent-sec-core/agent-sec-cli/pyproject.toml src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/skill_ledger/core/live_root.py src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/skill_ledger/core/decision.py src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/skill_ledger/config.py
  • git diff --check

Additional Notes

This PR intentionally leaves SkillFS activation schema unchanged and keeps SkillFS unaware of scan status or user decisions.

@github-actions github-actions Bot added the component:sec-core src/agent-sec-core/ label Jun 25, 2026
@@ -0,0 +1,219 @@
"""Resolve Skill Ledger operations away from SkillFS runtime views."""

Collaborator


Please add unit tests.

policy: str | None = None,
) -> dict[str, Any]:
"""Export a signed snapshot plus manifest and findings for user review."""
validate_skill_dir(skill_dir)

Collaborator


decide_skill/clear_decision/rollback_skill/show_skill all add path resolution at their entry points, but export_skill does not call require_live_skill_dir; this needs confirmation.

"target": None,
"userDecision": None,
"reasonCode": "unmanaged_skill_root",
"message": None,
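Review bot: the unmanaged result signals "stay silent" only through `"message": None`, while the reason is carried separately in `"reasonCode": "unmanaged_skill_root"`; a hook that keys on the null message alone cannot distinguish an unmanaged root from a managed root that legitimately has nothing to display, so both would be passed through silently even under policy=block. Suggest hooks branch on `reasonCode` (or an explicit unmanaged flag in the result) and treat a null message purely as "nothing to show", and that a comment next to this dict states that exit 0 here means "not managed by this daemon", not "checked and clean".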

Collaborator


show_skill returns message=null for an unmanaged root, so every hook (even with policy=block) silently lets it through; the hook layer's _resolve_skill_dir only looks under fixed base paths and never reaches unmanaged paths. This needs to be documented in the code.


Labels

component:sec-core src/agent-sec-core/


Development

Successfully merging this pull request may close these issues.

[skillfs] SkillFS: restrict .skill-meta access to trusted processes and expose live metadata for trusted access
