fix(skills): preserve file modes across atomic writes

[liuhao1024]

Summary

Preserve existing file permissions when skill writes and bundled skill manifest updates replace files atomically.

Before this change, both tools.skill_manager_tool._atomic_write_text() and tools.skills_sync._write_manifest() rewrote existing files through mkstemp() + os.replace() without restoring the original mode first. That let SKILL.md and .bundled_manifest collapse to 0600, which breaks managed/shared Hermes runtimes that expect group-readable files.

Root cause

tempfile.mkstemp() creates the temp file with owner-only permissions. os.replace() then swaps that temp file into place, so the target inherits the temp file mode unless the write path explicitly preserves the old mode.

Fix

• capture the existing target mode before each atomic write
• apply that mode to the temp file before os.replace()
• reapply the mode after replacement as a defensive follow-up

Regression coverage

Added focused tests that verify both write paths preserve an existing 0664 mode, including the temp file mode at replace time:

• tools.skill_manager_tool._atomic_write_text() for SKILL.md
• tools.skills_sync._write_manifest() for .bundled_manifest

Testing

• scripts/run_tests.sh tests/tools/test_atomic_write_permissions.py -q
• scripts/run_tests.sh tests/tools/test_skill_manager_tool.py -q
• scripts/run_tests.sh tests/tools/test_skills_sync.py -q

Closes #14181

[liuhao1024]

Closing inactive PR with no discussion. Opened 2026-04-23 with 0 comments. Will reopen if still relevant.