#17929: fix(skills): augment PATH with /etc/paths on macOS for binary detection

## Summary Fixes #17890. `detectBinary` uses `/usr/bin/env which <name>` to locate binaries, but inherits `process.env.PATH` from the parent process. When launched as a macOS app (not from a shell), the process PATH is restricted to `/usr/bin:/bin:/usr/sbin:/sbin`, which excludes `/opt/homebrew/bin` (Homebrew on Apple Silicon) and `/usr/local/bin`. ## Root Cause `detectBinary` spawns `which` via `runCommandWithTimeout`, which passes `process.env` to the child process. macOS app processes do not inherit shell-configured PATH, so Homebrew-installed binaries are invisible. ## Fix Add a `resolveSystemPath()` helper that reads `/etc/paths` and `/etc/paths.d/*` on macOS, plus common Homebrew prefixes (`/opt/homebrew/bin`, `/usr/local/bin`) as fallbacks. The merged PATH is passed to the `which` subprocess via the `env` option. ## Before ``` detectBinary("brew") with restricted PATH: false ❌ FAIL: detectBinary cannot find brew with restricted PATH ``` ## After ``` detectBinary("brew") with restricted PATH: true ✅ PASS: detectBinary finds brew with restricted PATH after fix ``` ## Test Plan - Added `onboard-helpers.detect-binary.test.ts` with 6 tests covering empty names, standard binaries, absolute paths, nonexistent binaries, and the macOS restricted-PATH regression case. - All tests pass locally. - Lint passes (`pnpm lint` — 0 warnings, 0 errors). <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR fixes `detectBinary` failing to find Homebrew-installed binaries when the process runs as a macOS app (not from a shell), where `process.env.PATH` is restricted to `/usr/bin:/bin:/usr/sbin:/sbin`. - Adds a `resolveSystemPath()` helper that reads `/etc/paths` and `/etc/paths.d/*` on macOS, plus common Homebrew prefixes (`/opt/homebrew/bin`, `/usr/local/bin`) as fallbacks - The resolved system PATH is cached at module level to avoid repeated file I/O across multiple `detectBinary` calls - The merged PATH is passed via the `env` option to `runCommandWithTimeout`, which correctly merges it with `process.env` (preserving all other environment variables) - The fix is macOS-only — on other platforms, `resolveSystemPath()` returns `undefined` and the original behavior is preserved - Adds a new test file with 6 test cases covering edge cases and the macOS restricted-PATH regression <h3>Confidence Score: 5/5</h3> - This PR is safe to merge — it's a well-scoped macOS-only fix with proper caching, error handling, and no behavioral change on other platforms. - The fix is narrowly targeted to macOS binary detection, correctly reads standard system PATH configuration files, caches the result to avoid repeated I/O, and preserves existing behavior on all non-macOS platforms. The `runCommandWithTimeout` function properly merges the custom env with `process.env`, so all other environment variables are preserved. Error paths fall back gracefully to `undefined`. The test covers relevant edge cases and the specific regression scenario. - No files require special attention. _{Last reviewed commit: 68a25bb} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->