Add sandboxed deterministic understand preflight #489

Open: eloe wants to merge 1 commit into Egonex-AI:main from eloe:skillspector-safe-sandbox

eloe commented Jun 20, 2026

Summary

This adds a conservative /understand-sandbox entrypoint for users who want to try Understand Anything in security-sensitive environments before enabling the full workflow.

The sandbox path:

  • copies a selected project subset into a temp sandbox
  • excludes dependency/build/VCS/cache/media/local-secret files
  • runs only deterministic scripts: scan-project.mjs, extract-import-map.mjs, and extract-structure.mjs
  • writes artifacts under the sandbox, not the live repo
  • skips auto-update, dashboard launch, and LLM subagent analysis

This also removes two scanner-hostile patterns from existing skills:

  • replaces optional git rev-parse HEAD subprocess usage in merge-knowledge-graph.py with direct .git metadata reads
  • replaces stale trash cleanup docs with a guarded purge-old-trash.py helper instead of inline recursive shell deletion

Verification

  • python3 -m py_compile understand-anything-plugin/skills/understand-sandbox/sandbox-pilot.py understand-anything-plugin/skills/understand/purge-old-trash.py understand-anything-plugin/skills/understand-knowledge/merge-knowledge-graph.py
  • pnpm test — 16 files / 207 tests passed
  • sandbox smoke run against a Next/TypeScript repo: 84 files scanned, 165 import edges, 0 skipped files

SkillSpector scan notes

Scanned the affected skills locally with skillspector --no-llm:

| Skill | Score | Severity | Recommendation |
| --- | --- | --- | --- |
| understand-sandbox | 26 | MEDIUM | CAUTION |
| understand-knowledge | 13 | LOW | SAFE |
| understand | 100 | CRITICAL | DO_NOT_INSTALL |

understand still has pre-existing scanner findings around env-file parsing and output-guideline wording. This PR does not claim the full workflow is SkillSpector-clean; it adds a smaller sandboxable path and removes a couple of unnecessary high-friction findings.
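
The description above mentions replacing a `git rev-parse HEAD` subprocess with direct .git metadata reads. The sketch below is an added example of that technique, not the code from this PR's merge-knowledge-graph.py; the function names `read_head_commit` and `make_constructed_repo` are hypothetical, and it assumes refs are stored as loose files or in `packed-refs`.

```python
import re
from pathlib import Path
from typing import Optional

SHA_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")  # SHA-1 or SHA-256 object id


def _git_dir(repo: Path) -> Optional[Path]:
    """Find the git dir; in a linked worktree, .git is a file holding 'gitdir: <path>'."""
    dot_git = repo / ".git"
    if dot_git.is_file():
        text = dot_git.read_text().strip()
        if not text.startswith("gitdir:"):
            return None
        dot_git = (repo / text[len("gitdir:"):].strip()).resolve()
    return dot_git if dot_git.is_dir() else None


def read_head_commit(repo_root) -> Optional[str]:
    """Resolve HEAD to a commit id by reading files only; None if it cannot be resolved."""
    try:
        git_dir = _git_dir(Path(repo_root))
        if git_dir is None:
            return None
        head = (git_dir / "HEAD").read_text().strip()
        if not head.startswith("ref:"):                  # detached HEAD holds the id itself
            return head if SHA_RE.match(head) else None
        ref = head[len("ref:"):].strip()
        if not ref.startswith("refs/") or ".." in ref.split("/"):
            return None                                  # never follow a ref outside the git dir
        common = git_dir / "commondir"                   # worktrees keep refs in the common dir
        refs_root = (git_dir / common.read_text().strip()).resolve() if common.is_file() else git_dir
        if (refs_root / ref).is_file():                  # loose ref takes precedence
            sha = (refs_root / ref).read_text().strip()
            return sha if SHA_RE.match(sha) else None
        for line in (refs_root / "packed-refs").read_text().splitlines():
            sha, _, name = line.partition(" ")           # '<id> <refname>'; '#' and '^' lines never match
            if name.strip() == ref and SHA_RE.match(sha):
                return sha
    except (OSError, UnicodeDecodeError):                # missing or unreadable metadata
        return None
    return None


def make_constructed_repo(root: Path, sha: str) -> None:
    """Constructed sample: a fake .git whose HEAD points at a branch stored only in packed-refs."""
    (root / ".git").mkdir(parents=True)
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / ".git" / "packed-refs").write_text(f"# pack-refs with: peeled\n{sha} refs/heads/main\n")
```

Every value read from disk is checked against the object-id pattern before it is returned, so a malformed or hostile `.git` directory yields `None` rather than arbitrary file content.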
