refactor(kanban): fold worker/orchestrator skills into injected guidance (#50473)

The kanban-worker and kanban-orchestrator bundled skills existed only to
be force-loaded into dispatcher-spawned workers, gated by
environments:[kanban] so they wouldn't leak into normal CLI listings.
That gating was fragile (the leak that #50443 patched) and the
--skills auto-load was already best-effort — most workers ran without it
because the bundled skill isn't present in profile-scoped skills dirs.

Remove the skills entirely and promote their load-bearing content
(workspace kinds, deliverable artifacts, created-card integrity, profile
discovery) into KANBAN_GUIDANCE, which is already injected into every
kanban worker's system prompt. Net result: every worker reliably gets
the guidance, nothing can leak into a CLI/blank-slate session, and the
gating machinery is gone.

- agent/prompt_builder.py: promote the 4 load-bearing rules into KANBAN_GUIDANCE
- hermes_cli/kanban_db.py: drop --skills kanban-worker auto-injection + _kanban_worker_skill_available probe
- hermes_cli/kanban_swarm.py: drop skills=[kanban-orchestrator] on the root card
- hermes_cli/kanban.py: drop kanban-init skill seeding; fix help text
- delete skills/devops/kanban-{worker,orchestrator}
- docs: delete the two skill pages (EN+zh), fix sidebars/catalog/kanban.md/kanban-worker-lanes.md and the video-orchestrator + codex-lane references
- tests: update spawn-argv expectations; re-bound the guidance-size guard

Supersedes the skill-leak half of #50443 (credit @helix4u for flagging the area).

agent/prompt_builder.py

@@ -238,6 +238,23 @@ KANBAN_GUIDANCE = (
     "of the decomposition. Do NOT execute the work yourself; your job is "
     "routing, not implementation.\n"
     "\n"
+    "## Reference details that change outcomes\n"
+    "\n"
+    "- **Workspace.** `cd $HERMES_KANBAN_WORKSPACE` first. For a `worktree` kind "
+    "with no `.git`, `git worktree add <path> "
+    "${HERMES_KANBAN_BRANCH:-wt/$HERMES_KANBAN_TASK}` from the main repo, then "
+    "cd there.\n"
+    "- **Deliverables.** Files a human wants go in "
+    "`kanban_complete(artifacts=[<absolute paths>])` (top-level param; paths in "
+    "`metadata` are NOT uploaded). Files must exist at completion.\n"
+    "- **Created cards.** List ids in `kanban_complete(created_cards=[...])` "
+    "ONLY when captured from a successful `kanban_create` return — never invent "
+    "or paste ids; the kernel rejects the completion on any phantom id.\n"
+    "- **Orchestrating: discover profiles first.** The dispatcher SILENTLY "
+    "drops a card with an unknown assignee (it sits in `ready` forever). Ground "
+    "every assignee in a real profile (`hermes profile list`, or ask the user), "
+    "and express dependencies via `parents=[...]` on `kanban_create`, not prose.\n"
+    "\n"
     "## Do NOT\n"
     "\n"
     "- Do not shell out to `hermes kanban <verb>` for board operations. Use "

agent/skill_utils.py

@@ -280,9 +280,9 @@ def skill_matches_environment(frontmatter: Dict[str, Any]) -> bool:
     This is an OFFER-time filter: it controls whether a skill shows up in the
     skills index / autocomplete / slash-command list. It is intentionally NOT
     enforced by ``skill_view`` or ``--skills`` preloading — an explicit load is
-    explicit consent, and load-bearing force-loads (e.g. the kanban dispatcher
-    injecting ``--skills kanban-worker``) must always succeed regardless of how
-    the offer surfaces filter the skill.
+    explicit consent, and load-bearing force-loads (e.g. a dispatcher pinning
+    a task to a specialist skill via ``--skills``) must always succeed
+    regardless of how the offer surfaces filter the skill.
 
     A skill matches when ANY of its declared environments is currently active
     (OR semantics, mirroring ``platforms``). Unknown env tags fail open.