fix(telegram): persist native command metadata to target sessions

[BingqingLyu]

Summary

• Problem: Telegram native commands were persisting inbound session metadata to the slash envelope key (agent:<agent>:telegram:slash:<user>) even when the command was targeting a bound topic/helper session.
• Why it matters: this let slash-shaped keys get backfilled with group/topic metadata, matching the fake alias pattern reported in [Bug]: Telegram helper-agent slash:<user> session keys are incorrectly mapped to group:<group_id>:topic:1 sessions openclaw/openclaw#57509.
• What changed: Telegram native command metadata persistence now prefers CommandTargetSessionKey, and regression coverage now asserts the persisted key matches the actual target session in private, helper-topic, configured ACP topic binding, and bound-topic-session flows.
• What did NOT change (scope boundary): this PR does not change model fallback behavior, session restore/indexing outside the Telegram native-command path, or Slack/Discord native command handling.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes [Bug]: Telegram helper-agent slash:<user> session keys are incorrectly mapped to group:<group_id>:topic:1 sessions openclaw/openclaw#57509
• Related #
• This PR fixes a bug or regression

Root Cause / Regression History (if applicable)

• Root cause: extensions/telegram/src/bot-native-commands.ts always persisted inbound session metadata using ctxPayload.SessionKey, which is the slash envelope key, instead of the actual chat target session.
• Missing detection / guardrail: the existing Telegram session-metadata tests asserted the old slash-key behavior and did not verify that metadata followed CommandTargetSessionKey.
• Prior context (git blame, prior PR, issue, or refactor if known): issue [Bug]: Telegram helper-agent slash:<user> session keys are incorrectly mapped to group:<group_id>:topic:1 sessions openclaw/openclaw#57509 reported helper-agent Telegram slash keys being projected to topic/group session shells.
• Why this regressed now: native command delivery already separated slash envelope routing from target-session mutation, but metadata persistence did not follow the same target-session rule.
• If unknown, what was ruled out: ruled out a general Telegram slash-session issue by reproducing the problem specifically in helper-topic / configured-binding paths and fixing the implicated persistence callsite.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: extensions/telegram/src/bot-native-commands.session-meta.test.ts
• Scenario the test should lock in: Telegram native commands must persist session metadata to the same target session named by CommandTargetSessionKey, including helper-topic and ACP-bound topic flows.
• Why this is the smallest reliable guardrail: it exercises the real Telegram native-command routing and session-metadata persistence seam without needing a live Telegram bot.
• Existing test that already covers this (if any): none before this change; the file had related coverage but it locked in the wrong key.
• If no new test is added, why not: N/A

User-visible / Behavior Changes

Telegram helper/topic native commands no longer create or refresh fake telegram:slash:<user> session entries with topic/group metadata through this code path.