Add nanobot and picoclaw variant detection and scanning

[vitaly-ps]

User description

Add support for detecting and scanning nanobot and picoclaw installations alongside OpenClaw. All three variants produce the same output schema, differentiated by the bot_variant field.

How it works:

• Unified detection loop tries all known variants by priority (OpenClaw first, then nanobot, picoclaw). First match wins.
• OpenClaw uses CLI-based scanning (--json commands); nanobot and picoclaw use file-based config parsing (they lack --json CLI output).
• nanobot and picoclaw share a single scanner since they're almost identical except camelCase/snake_case difference (handled automatically by the parser) and session log format: nanobot stores sessions as JSONL, picoclaw as regular JSON — the parser handles both.
• Common tool-call aggregation logic (aggregate_tool_calls) extracted into scanner_utils.py, shared by both the OpenClaw and nano/picoclaw scan paths.

Bug fixes:

• Json5 (json with comments) formatted config files were parsed by custom parser which broke in some cases. Replaced with proper (library) json5 parser (added dependency).
• Similarly, yaml parser from md skills was hand-rolled and fragile. Replaced with proper PyYAML (also added dependency).
• Tool version parsing/extraction was fragile, replaced with more robust regex-based extractor.
• restrict_to_workspace: bool value in the report was read from wrong config section, thus always reporting false. Fixed, now reports real value.
• channels_with_allowlist in security audit was always empty because _extract_channels() dropped the allow_from field. Fixed.

Tested: 3 variants × 3 install states (nothing / CLI-only / full) on Ubuntu 24.04 ARM64, all 9 combinations verified. Additionally, nanobot and picoclaw validated with real session data (generated via actual tool calls).