#2084: Add Slack canvas read/create/update support

## Summary - detect Slack Canvas shares and pull content into inbound context (best-effort) - add Slack canvas actions (create/update) gated by channels.slack.actions.canvases - add canvas limits config + docs updates for scopes and limits - add canvas helper + tests for detection/fetch + inbound injection ## Testing - not run (unit/e2e) ## Manual verification 1) Add scopes: files:read, canvases:read, canvases:write (plus existing). Reinstall the Slack app. 2) Ensure Socket Mode works (app-level token with connections:write). 3) Create/share a canvas in a channel where the bot is present. 4) Post a message with the canvas link/file. Verify Clawdbot context includes a [Slack Canvas: ...] block or a short diagnostic. 5) Ask Clawdbot to create a canvas (e.g., "create a canvas titled X with Y"). Verify canvas creation. 6) Ask Clawdbot to update a canvas (by canvasId or channelId) and verify edits. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR adds Slack Canvas support in two places: - **Inbound ingestion**: detects canvas shares/files on incoming Slack messages, fetches the associated file content via `files.info` + `url_private_download`, and injects a best-effort `[Slack Canvas: ...]` block into the inbound prompt context with configurable byte/char limits. - **Outbound actions**: introduces new Slack actions for `createCanvas` / `updateCanvas`, gated behind `channels.slack.actions.canvases`, plus corresponding config schema/types and docs updates. Overall the changes fit the existing Slack monitor + action-gating architecture (monitor context carries limits; tools route through `handleSlackAction`; channel plugins advertise actions based on config). <h3>Confidence Score: 4/5</h3> - This PR looks safe to merge after fixing the `listPins` credential-selection bug. - The changes are additive and follow existing Slack monitor/action patterns, with tests included for canvas detection/fetch and inbound injection. The main issue found is a concrete logic bug in `handleSlackAction` where `listPins` may ignore `readOpts` unless `writeOpts` is set, which can break expected auth behavior. Remaining notes are performance/robustness considerations rather than correctness blockers. - src/agents/tools/slack-actions.ts (pin listing opts), src/slack/canvases.ts (recursive traversal robustness) <!-- greptile_other_comments_section --> **Context used:** - Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8)) - Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13)) <!-- /greptile_comment -->