#23754: Skills: enforce capability manifest requirements

## Summary - add capability-manifest parsing for skills (`requiredTools`, `requiresSandbox`) from frontmatter and `metadata.openclaw.capabilities` - include parsed capabilities on skill entries and enforce capability checks in skill eligibility filtering - gate skills when required tools are blocked by policy or when sandbox is required but not configured ## Testing - pnpm check - pnpm vitest run --config vitest.unit.config.ts src/agents/skills/frontmatter.test.ts src/agents/skills.buildworkspaceskillsnapshot.test.ts src/agents/skills.test.ts <!-- greptile_comment --> <h3>Greptile Summary</h3> Adds capability manifest parsing for skills that enforces tool policy and sandbox requirements. Skills can now declare `requiredTools` and `requiresSandbox` in their frontmatter or `metadata.openclaw.capabilities`, and the system will filter out skills when required tools are blocked by policy or when sandbox is required but not configured. The implementation correctly parses capabilities from multiple naming conventions (kebab-case, snake_case, camelCase) and integrates with existing tool policy infrastructure. <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The implementation is well-structured with comprehensive test coverage for both tool policy and sandbox capability checking. The code properly integrates with existing policy infrastructure, handles multiple naming conventions, and includes defensive programming patterns. No logical errors, security issues, or breaking changes were identified. - No files require special attention _{Last reviewed commit: a778e16} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->