chore: remove SkillMetadata.permissions and derive skill sandboxing from permission_profile

[celia-oai]

Summary

This change removes the compiled permissions field from skill metadata and keeps permission_profile as the single source of truth.

Skill loading no longer compiles skill permissions eagerly. Instead, the zsh-fork skill escalation path compiles skill.permission_profile when it needs to determine the sandbox to apply for a skill script.

Behavior change

For skills that declare:

  permissions: {}

we now treat that the same as having no skill permissions override, instead of creating and using a default readonly sandbox. This change makes the behavior more intuitive:

• only non-empty skill permission profiles affect sandboxing
• omitting permissions and writing permissions: {} now mean the same thing
• skill metadata keeps a single permissions representation instead of storing derived state too

Overall, this makes skill sandbox behavior easier to understand and more predictable.