v0.3.2: shell safety, :system :eval approval, skill sandbox
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 3s
1. Shell actuator: remove double bash -c wrapping (format ~s produces S-expression-safe strings, not shell-safe). Now passes cmd directly to (timeout N bash -c cmd) via run-program arg list.

2. Dispatcher: extend high-impact approval gate to :system :eval. Previously only :shell, :tool "shell", and :emacs :eval triggered HITL. Now :system :eval also requires Flight Plan approval.

3. Skill sandbox: before promoting a skill from its jailed package to :passepartout, scan for restricted symbol references (uiop:run-program, uiop:shell, uiop:run-shell-command). Block promotion on violation. New skill-entry status :sandbox-blocked for blocked skills.

Test: 91 pass, 0 fail across 13 suites.
@@ -278,7 +278,8 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
|
||||
;; Vector 8: High-impact action approval
|
||||
((or (member target '(:shell))
|
||||
(and (eq target :tool) (member (proto-get payload :tool) '("shell" "repair-file") :test #'string=))
|
||||
(and (eq target :emacs) (eq (proto-get payload :action) :eval)))
|
||||
(and (eq target :emacs) (eq (proto-get payload :action) :eval))
|
||||
(and (eq target :system) (eq (proto-get payload :action) :eval)))
|
||||
(log-message "SECURITY: High-impact action requires approval: ~a" (or (proto-get payload :tool) target))
|
||||
(list :type :EVENT :payload (list :sensor :approval-required :action action)))
|
||||
(t action))))
|
||||
|
||||
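Review bot: the new `(and (eq target :system) (eq (proto-get payload :action) :eval))` clause in the Vector 8 `or` repeats the `:emacs` clause with only the target changed, so the gate is still a hand-maintained list of target/action pairs and any eval-capable target added later is not gated until someone adds it here. Consider collapsing the two clauses into `(and (member target '(:emacs :system)) (eq (proto-get payload :action) :eval))`, or gating on the `:eval` action regardless of target so that new targets require approval by default. Separately, the `log-message` call prints `(or (proto-get payload :tool) target)`, which for this new case records only the target and not the `:eval` action; including the action in the message would make the approval events easier to audit. The commit message lists `:tool "shell"` as a gated case while the visible condition also gates `"repair-file"`, so the message or a comment above the `or` should state the full set.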