feat(runtime): add safe secret input modes

[samzong]

Summary

• Add safe input modes for generated sensitive string flags so credentials can be supplied through --<flag>-env, --<flag>-file, or --<flag>-stdin instead of direct shell arguments.
• Expose safe input support through commands show --json via flags[].input_modes and bump the catalog schema from 7 to 8.
• Update generated Skill guidance and CLI usage docs so agents prefer safe input modes when command detail exposes them.

Closes #71.

Scope comparison

Area	Issue direction	This PR direction	Status
Safe input modes	Support env, stdin, file, and no-echo prompt	Support env, file, and stdin	Done
High-value credential path	Avoid putting provider API keys in shell arguments	--input-api-key-env OPENAI_API_KEY and sibling modes work for generated sensitive string flags	Done
Backward compatibility	Keep direct flags where needed	Existing --input-api-key sk-... style flags still work	Done
Mode conflicts	Avoid ambiguous secret sources	Using more than one input mode for the same flag returns an error	Done
Detection	Use schema metadata, overlays, and conservative names	Runtime uses conservative name matching plus format: password; no new overlay/schema surface	Done
Catalog	Expose safe modes through command detail	flags[].input_modes=[\"flag\",\"env\",\"file\",\"stdin\"] and catalog schema 8	Done
Prompt input	Add no-echo prompt	Not included in this first cut	Deferred
x-sensitive	Honor OpenAPI vendor extension	Not included	Deferred
Overlay metadata	Add explicit overlay sensitive control	Not included	Deferred
Request body schema fields	Support safe modes for arbitrary body fields	Not included; existing --set and --file remain unchanged	Deferred
Codegen architecture	Model sensitivity through the full IR/render pipeline	Not changed; this stays in the runtime/catalog boundary	Deferred

Verification

• make check

Compatibility

• Generated command behavior changes only for string flags inferred as sensitive by name or format: password; those flags gain additional sibling safe-input flags while preserving the direct flag.
• commands show --json adds flags[].input_modes for sensitive flags, and commands schema --json now reports catalog schema version 8.
• Request body handling, generated command paths, auth resolution, and generated output files are unchanged.

Checklist

• Tests or focused verification cover the changed surface.
• User-facing behavior changes are documented.
• Generated output under internal/generated/, .cache/, and ad-hoc skills/<cli-name>/ directories is not committed.
• Commits are signed off when this is ready to merge.