
#7007: Fix security audit false-positive for symlinked state dir

by MohammadErfan-Jabbari open 2026-02-02 08:51
agents
### Problem

OpenClaw's legacy state-dir migration intentionally creates a symlink like `~/.clawdbot -> ~/.openclaw`. On POSIX, symlink mode bits are not meaningful, but the security audit was using `lstat()` and treating the symlink's 777 bits as world-writable, producing a critical false-positive.

### Fix

- Keep reporting the state dir as a symlink (trust boundary warning).
- Evaluate read/write bits on the symlink target via `stat()` (follows symlink) on non-Windows platforms.

### Tests

- Added a POSIX test that creates a state dir symlink to a 0700 dir and asserts we warn about symlink but do not flag world-writable.

<h2>Greptile Overview</h2>

<h3>Greptile Summary</h3>

Updates the filesystem permission audit to treat POSIX symlink mode bits as non-authoritative: it still flags the state directory as a symlink (trust-boundary warning), but derives read/write bits from the symlink target via `stat()` (following the link) on non-Windows platforms. Adds a regression test ensuring a symlinked state dir pointing to a `0700` directory triggers the symlink warning without incorrectly flagging world-writable perms.

This fits into the existing `src/security` audit framework by refining `inspectPathPermissions()` to report more accurate POSIX permission findings while preserving the existing Windows ACL-based checks.

<h3>Confidence Score: 4/5</h3>

- This PR is generally safe to merge and fixes a real false-positive, with minor consistency/cleanup issues to consider.
- The change is localized and aligns with POSIX semantics for symlink mode bits, and the added test covers the reported regression. Remaining concerns are minor: an internal inconsistency in `inspectPathPermissions()` on the Windows codepath (bits computed outside the branch) and test temp-dir cleanup.
- src/security/audit-fs.ts (Windows branch consistency); src/security/audit.test.ts (temp dir cleanup).
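The `lstat()` versus `stat()` distinction described in this PR, as an added Node.js example that is not part of the PR or the OpenClaw code base. The function names (`naiveWorldWritable`, `inspectPosixPerms`, `demo`) and the temp-dir fixture are hypothetical and constructed for illustration.

```javascript
// Added illustration, not OpenClaw code; all names here are hypothetical.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Naive check: lstat() describes the link itself. On Linux a symlink's mode is
// 0777 and is not used for access decisions, so this flags every symlink.
function naiveWorldWritable(p) {
  return (fs.lstatSync(p).mode & 0o002) !== 0;
}

// Report "is a symlink" separately and take permission bits from the target.
function inspectPosixPerms(p) {
  const link = fs.lstatSync(p);
  const isSymlink = link.isSymbolicLink();
  // stat() follows the link; a dangling link yields undefined instead of throwing.
  const effective = isSymlink ? fs.statSync(p, { throwIfNoEntry: false }) : link;
  if (!effective) {
    return { isSymlink, targetMissing: true, mode: null, worldWritable: false };
  }
  const mode = effective.mode & 0o777;
  return { isSymlink, targetMissing: false, mode, worldWritable: (mode & 0o002) !== 0 };
}

// Constructed fixture: a legacy-style link pointing at a real state directory.
function demo(targetMode) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "audit-symlink-"));
  try {
    const target = path.join(root, "state");
    const legacy = path.join(root, "legacy-state");
    fs.mkdirSync(target);
    fs.chmodSync(target, targetMode); // explicit chmod so umask does not interfere
    fs.symlinkSync(target, legacy, "dir");
    return { naive: naiveWorldWritable(legacy), audited: inspectPosixPerms(legacy) };
  } finally {
    fs.rmSync(root, { recursive: true, force: true });
  }
}

console.log(demo(0o700)); // link to a private directory
console.log(demo(0o777)); // link to a directory that really is world-writable
```

The second call shows that following the link does not hide a real finding: a world-writable target is still reported through the symlink.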
