fix(kya_lib): remove broken SIG_RE.pattern fallback in unlock_wallet

[fadai216]

Summary

unlock_wallet() in scripts/kya_lib.py has a broken validation check on the JSON-decode fallback path:

token = out if SIG_RE.pattern and out else ""

SIG_RE.pattern is the pattern string of the compiled regex ("^0x[a-fA-F0-9]{130}$"), so it is always truthy. The expression reduces to token = out if out else "", meaning the fallback path accepts any non-empty stdout as a session token — defeating the validation it was meant to provide. A malformed awp-wallet unlock output would become a fake token that flows through os.environ["AWP_WALLET_TOKEN"] into every subsequent command.

Fix

Current awp-wallet (≥ 0.17.0 per SKILL.md) always emits JSON on unlock, so the legacy text fallback is dead code. Replace it with an empty-string sentinel so the existing

if not token:
    die(f"awp-wallet unlock returned no token (stdout={out!r})")

check triggers cleanly, instead of silently admitting garbage.

Diff

     try:
         token = json.loads(out).get("token", "")
     except json.JSONDecodeError:
-        # 一些老版本支持 `unlock --raw` 直接打印 token；兼容一下
-        token = out if SIG_RE.pattern and out else ""
+        # awp-wallet emits JSON-only now; no legacy text fallback
+        token = ""

No behaviour change for the common path (successful JSON parse). Only tightens the malformed-output path, which would have previously leaked invalid data forward.