codewhale/crates
Hunter Bown 22414f15f7 fix(security): containment check for workspace-local skills dir
Replaces the autofix in 326a1da (reverted in 51f2f04b4), which mistakenly
required `workspace` to live under the global config's skills directory
and therefore caused `resolve_skills_dir` to *always* fall back to the
global skills dir — silently breaking workspace-local `.agents/skills`
and `./skills` loading.

Apply the right containment check instead: canonicalize the workspace
once, canonicalize each candidate, and require the candidate to
`.starts_with` the canonicalized workspace before returning it. A
`skills` symlink that escapes the workspace (e.g. to `/etc`) now causes
the candidate to be rejected and resolution to fall back to the
configured global skills directory, preserving real symlink-escape
defense without regressing the feature.

Adds three regression tests: positive case for `.agents/skills`,
positive case for the `./skills` fallback, and a Unix-only test that
constructs a symlink-escaping `skills` directory and asserts it is
rejected.
2026-05-08 19:40:06 -05:00