fix(sec-core): fail open unsupported Hermes skill ledger

[1570005763]

Description

• Adds a Hermes Skill Ledger fail-open path for unsupported Hermes / SkillFS in-place skill roots.
• Detects .skillfs-inbox, skill-discover/SKILL.md, and filesystem loop traversal errors before invoking agent-sec-cli.
• Updates Hermes plugin docs to state that Skill Ledger security checks are temporarily unsupported in Hermes and surfaces the short warning: 暂不支持Hermes场景，请自行关注skill安全性。

Related Issue

no-issue: maintainer-requested Hermes compatibility fallback

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring (no functional change)
• Performance improvement
• CI/CD or build changes

Scope

• cosh (copilot-shell)
• sec-core (agent-sec-core)
• skill (os-skills)
• sight (agentsight)
• tokenless (tokenless)
• ckpt (ws-ckpt)
• memory (agent-memory)
• anolisa (anolisa-cli)
• skillfs (SkillFS)
• Multiple / Project-wide

Checklist

• I have read the Contributing Guide
• My code follows the project's code style
• I have added tests that prove my fix is effective or that my feature works
• I have updated the documentation accordingly
• For cosh: Lint passes, type check passes, and tests pass
• For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
• For sec-core (Python): Ruff format and pytest pass
• For skill: Skill directory structure is valid and shell scripts pass syntax check
• For sight: cargo clippy -- -D warnings and cargo fmt --check pass
• For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
• For memory (Linux only): cargo clippy --all-targets -- -D warnings, cargo fmt --check, and cargo test pass
• For anolisa: cargo clippy --all-targets --locked -- -D warnings, cargo fmt --all --check, and cargo test --locked pass
• For skillfs: cargo fmt --all --check, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace pass
• Lock files are up to date (package-lock.json / Cargo.lock)

Testing

• make python-code-pretty from src/agent-sec-core
• uv run --project src/agent-sec-core/agent-sec-cli pytest src/agent-sec-core/tests/unit-test/hermes-plugin
• git diff --check

Additional Notes

The Hermes integration intentionally fail-opens for this unsupported path so it does not add errors or blocking behavior on top of Hermes skill discovery failures.

[edonyzpc]

LGTM