fix: close install manifest packaging gaps (#2172)

- commands-core now ships scripts/harness-audit.js and scripts/skills-health.js:
  the module installs the whole commands/ dir, so /harness-audit and
  /skill-health were installed without their backing engines on
  manifest-driven installs (the original 1.10.0 failure mode)
- agentic-patterns now ships scripts/claw.js: the module installs the
  nanoclaw-repl skill, whose workflow operates scripts/claw.js
- package.json files array gains scripts/skills-health.js so the npm publish
  surface stays aligned with the module graph (claw.js and harness-audit.js
  were already listed)
- orchestration drops commands/multi-workflow.md and commands/sessions.md
  from its explicit paths: both are already shipped by commands-core, which
  is a declared dependency of the module, so the duplicate ownership produced
  two copy operations per destination in install-state. The two scripts/lib
  entries are kept because hooks-runtime is NOT a declared dependency and a
  standalone orchestration install still needs them

tests/scripts/npm-publish-surface.test.js

@@ -47,7 +47,6 @@ function buildExpectedPublishPaths(repoRoot) {
     "scripts/ci/supply-chain-advisory-sources.js",
     "scripts/consult.js",
     "scripts/control-pane.js",
-    "scripts/claw.js",
     "scripts/discussion-audit.js",
     "scripts/doctor.js",
     "scripts/status.js",
@@ -66,7 +65,6 @@ function buildExpectedPublishPaths(repoRoot) {
     "scripts/skill-create-output.js",
     "scripts/repair.js",
     "scripts/harness-adapter-compliance.js",
-    "scripts/harness-audit.js",
     "scripts/session-inspect.js",
     "scripts/uninstall.js",
     "scripts/gemini-adapt-agents.js",