#20585: fix: pre-flight ownership check before global update

Fixes #20583 (part 2) ## Problem When `openclaw update` runs a global npm install, it moves the package dir to staging then reinstalls. If files are owned by root (e.g. skill installed with sudo), npm gets EACCES and fails silently, leaving a partial directory. ## Fix - `checkDirectoryOwnership(dirPath)` in update-global.ts — recursively checks file ownership - Pre-flight check in update-runner.ts before global install — aborts with clear error if foreign-owned files found ## Tests 3 new tests in update-global.test.ts. All pass. <!-- greptile_comment --> <h3>Greptile Summary</h3> Added pre-flight ownership check to prevent global npm install failures when package directories contain root-owned files. The fix introduces `checkDirectoryOwnership()` which recursively scans for foreign-owned files and aborts the update with a clear remediation message (`sudo chown -R $(whoami) <path>`) before attempting the risky move-to-staging operation. <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The implementation is defensive (gracefully handles Windows/platforms without getuid), well-tested (3 comprehensive test cases including Windows simulation and ownership mocking), and follows existing patterns in the codebase. The early-abort approach prevents data loss, and the error message provides clear remediation steps. - No files require special attention _{Last reviewed commit: b8c511d} <!-- greptile_other_comments_section --> _{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!} <!-- /greptile_comment -->