feat: expose moderation v2 API and schema contracts

[ArthurzKV]

Summary

Expose moderation v2 API/schema contracts with additive compatibility.

Why

Clients need structured moderation verdicts/reason codes/evidence while preserving existing booleans for backward compatibility.

Focused scope

This PR is scoped to one theme: API + schema surface for moderation v2.

What changed

• Extended GET /api/v1/skills/:slug moderation payload with additive fields.
• Added GET /api/v1/skills/:slug/moderation endpoint with role-based evidence visibility.
• Updated API handler tests for new behavior.
• Updated shared schema + CLI schema contracts.
• Follow-up fix included: hidden skill owners/staff using API tokens now receive structured moderation JSON (instead of plaintext hidden-state response); removed unsafe evidence type assertion.

Local validation

• bun run lint:oxlint
• bunx vitest run convex/httpApiV1.handlers.test.ts

AI assistance transparency

• AI-assisted: Yes (implemented with Codex assistance)
• Testing level: Targeted local validation on API/schema and handler tests
• I reviewed the final diffs and understand the behavior changes.

[vercel]

@ArthurzKV is attempting to deploy a commit to the Amantus Machina Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

_{7 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[ArthurzKV]

Addressed moderation endpoint review feedback in commit 485fae8:

• /api/v1/skills/:slug/moderation now returns structured moderation JSON for owner/staff API-token callers even when the skill is hidden and getBySlug returns null.
• removed unsafe moderationEvidence type assertion by modeling moderation fields in local handler types.
• added regression coverage for hidden-owner moderation response path in convex/httpApiV1.handlers.test.ts.

Validation run: lint + API handler tests.