feat(config-audit): cross-plugin collision scanner COL (v5 N6) [skip-docs]

New COL scanner detects skill-name collisions across plugins and
between user-level skills (~/.claude/skills/) and plugin-bundled
skills. Skill identity is the directory basename — matches how
enumerateSkills resolves names.

Detection rules (per docs/v5-namespace-research.md, confidence: medium):
- Plugin-vs-plugin same skill name → severity low (CA-COL-001)
- User-vs-plugin same skill name → severity medium (CA-COL-001)
- Plugin-vs-built-in collisions: out of scope for v5.0.0 (insufficient
  verification — recorded for v5.0.1 follow-up).

Findings carry details.namespaces array with {source, name, path} for
every conflicting source — supports per-collision reporting downstream.

output.mjs: finding() helper now passes through optional `details`
field (scanner-specific structured payload).

scoring.mjs: COL → "Plugin Hygiene" (new area, 10 total). Posture test
updated from 9 → 10 area scores.

.gitignore: docs/v5-namespace-research.md is local-only (Step 22a
research output, gitignored per plan).

Fixture collision-plugins/fake-home/ has user skill `review` colliding
with plugin-a + plugin-b's `review` (medium severity), plus plugin-c's
unique `summarize` (no collision).

[skip-docs] reason: v5 plan fences off README/CLAUDE.md badge updates
to Session 5; Forgejo pre-commit-docs-gate hook requires this tag.

Tests: 617 → 625 (+8).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/plugins/marketplaces/mp/plugins/plugin-a/.claude-plugin/plugin.json

@@ -0,0 +1 @@
+{"name": "plugin-a", "version": "1.0.0", "description": "test"}

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/plugins/marketplaces/mp/plugins/plugin-a/skills/review/SKILL.md

@@ -0,0 +1,5 @@
+---
+name: plugin-a:review
+description: review skill from plugin-a
+---
+Plugin A review.

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/plugins/marketplaces/mp/plugins/plugin-b/.claude-plugin/plugin.json

@@ -0,0 +1 @@
+{"name": "plugin-b", "version": "1.0.0", "description": "test"}

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/plugins/marketplaces/mp/plugins/plugin-b/skills/review/SKILL.md

@@ -0,0 +1,5 @@
+---
+name: plugin-b:review
+description: review skill from plugin-b
+---
+Plugin B review.

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/plugins/marketplaces/mp/plugins/plugin-c/.claude-plugin/plugin.json

@@ -0,0 +1 @@
+{"name": "plugin-c", "version": "1.0.0", "description": "test"}

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/plugins/marketplaces/mp/plugins/plugin-c/skills/summarize/SKILL.md

@@ -0,0 +1,5 @@
+---
+name: plugin-c:summarize
+description: summarize skill from plugin-c
+---
+Plugin C summarize.

plugins/config-audit/tests/fixtures/collision-plugins/fake-home/.claude/skills/review/SKILL.md

@@ -0,0 +1,5 @@
+---
+name: review
+description: user-level review skill
+---
+User review.