Add git reference support for skill install

[JAORMX]

Summary

• Plain skill names (thv skill install my-skill) created "pending" records that never resolved — a dead-end UX problem. This replaces the pending path with an actionable 404 error.
• Users can now install skills directly from git repos: thv skill install git://github.com/org/repo#path/to/skill
• New pkg/skills/gitresolver/ package handles URL parsing, clone resolution, host-scoped auth, and secure file writing.

Relates to #4015

Type of change

• New feature

Test plan

• Unit tests (task test)
• E2E tests (task test-e2e)
• Linting (task lint-fix)

Changes

File	Change
pkg/skills/gitresolver/reference.go	New — git:// URL parsing with SSRF prevention (private IP/localhost rejection, absolute path/backslash rejection)
pkg/skills/gitresolver/resolver.go	New — Resolver interface: clones repo, extracts skill files, enforces 2-min clone timeout
pkg/skills/gitresolver/auth.go	New — host-scoped auth resolution (GITHUB_TOKEN only sent to github.com, etc.)
pkg/skills/gitresolver/writer.go	New — writes files to disk with symlink checks, containment validation, permission cap (0644)
pkg/skills/skillsvc/git_install.go	New — installFromGit, resolveGitReference, upsertGitSkill methods with supply chain defense
pkg/skills/skillsvc/skillsvc.go	Git check added before OCI in Install(), dead-end installPending replaced with actionable 404
pkg/skills/skillsvc/skillsvc_test.go	Updated tests for new behavior (pending → 404, group tests use extraction path)
pkg/api/server.go	Wired WithGitResolver in service construction
cmd/thv/app/skill_install.go	Updated Long description with git reference examples
test/e2e/api_skills_test.go	Updated E2E tests for new plain-name 404 behavior

Does this introduce a user-facing change?

Yes. thv skill install now accepts git references:

thv skill install git://github.com/org/repo#skills/my-skill
thv skill install git://github.com/org/repo@v1.0#skills/my-skill

Plain skill names that can't be resolved locally now return an actionable error instead of creating a dead-end "pending" record.

Special notes for reviewers

Security review completed

• Credential exfiltration prevented: Tokens are host-scoped per-clone — GITHUB_TOKEN only sent to github.com, GITLAB_TOKEN only to gitlab.com. GIT_TOKEN is opt-in fallback.
• Clone timeout: 2-minute context.WithTimeout prevents slowloris-style hangs.
• Path validation hardened: validateSkillPath rejects absolute paths and backslashes in addition to .. traversal.
• SSRF: Static host validation rejects localhost/private IPs.
• Supply chain: Skill name in SKILL.md must match the name implied by the git reference.
• Resource limits: LimitedFs caps clones at 10k files / 100MB.

Known limitations for follow-up

• DNS rebinding not mitigated (needs custom http.Transport with DialContext hook)
• No host allowlist (denylist only)
• collectFiles reads only top-level files in the skill directory (flat structure)
• No Resolver mock generated yet — installFromGit unit tests should be added with a mock

This is PR 2 of 2 — split from #4042. Depends on the git package move in the base branch.

Generated with Claude Code

[github-actions]

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

---

This review will be automatically dismissed once you add the justification section.