fix(skills): add timeout to Google OAuth urlopen calls (#28275)

[teknium1]

Salvage of #28275 by @Zyrixtrex.

What: Three Google OAuth/token urllib.request.urlopen() call sites had no timeout= argument, so a hung Google endpoint could block the agent turn indefinitely (Python falls back to the global socket timeout, which is unset by default).

How: Pass timeout=15 to each urlopen call across:

• plugins/platforms/google_chat/oauth.py (revoke)
• skills/productivity/google-workspace/scripts/gws_bridge.py (refresh_token)
• skills/productivity/google-workspace/scripts/setup.py (revoke)

Plus add explicit URLError/TimeoutError handling on the refresh path so a network failure prints a clean error instead of an unhandled exception. Test verifies timeout= is passed.

Original PR: #28275

[github-actions]

🚨 CRITICAL Supply Chain Risk Detected

This PR contains a pattern that has been used in real supply chain attacks. A maintainer must review the flagged code carefully before merging.

🚨 CRITICAL: Install-hook file added or modified

These files can execute code during package installation or interpreter startup.

Files:

skills/productivity/google-workspace/scripts/setup.py

---

Scanner only fires on high-signal indicators: .pth files, base64+exec/eval combos, subprocess with encoded commands, or install-hook files. Low-signal warnings were removed intentionally — if you're seeing this comment, the finding is worth inspecting.

[github-actions]

🔎 Lint report: hermes/hermes-3ad7d98a vs origin/main

ruff

Total: 0 on HEAD, 0 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 0 pre-existing issues carried over.

ty (type checker)

Total: 8954 on HEAD, 8954 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 4702 pre-existing issues carried over.

Diagnostics are surfaced as warnings — this check never fails the build.