fix: use is_relative_to() for symlink boundary check in skills_guard

The symlink escape check in _check_structure() used startswith()
without a trailing separator. A symlink resolving to a sibling
directory with a shared prefix (e.g. 'axolotl-backdoor') would pass
the check for 'axolotl' since the string prefix matched.

Replaced with Path.is_relative_to() which correctly handles directory
boundaries and is consistent with the skill_view path check.

tools/skills_guard.py

@@ -743,7 +743,7 @@ def _check_structure(skill_dir: Path) -> List[Finding]:
         if f.is_symlink():
             try:
                 resolved = f.resolve()
-                if not str(resolved).startswith(str(skill_dir.resolve())):
+                if not resolved.is_relative_to(skill_dir.resolve()):
                     findings.append(Finding(
                         pattern_id="symlink_escape",
                         severity="critical",