feat: resolve CLI session, skills, auth, and docs issue batch

[guima-why]

Summary

This PR resolves the GitHub issue batch around interactive command ergonomics, session persistence, skills management, Alibaba Cloud authentication, provider support, Windows compatibility, and website documentation.

CLI and interactive workflow

• Add /memory for listing, viewing, searching, and deleting saved memories from the interactive REPL.
• Add /status to show the current session ID, provider, model, Alibaba Cloud region, working directory, recorded API token usage, turn count, and context usage.
• Add /skills management so users can discover bundled/user/project skills, search and sort them, and toggle user/project skills on or off.
• Add /rename so the active session can be given a stable human-readable name.
• Extend /resume and --resume to resolve sessions by exact ID, unique ID prefix, or unique session name.
• Improve cross-project resume behavior by printing a safe cd ... && iac-code --resume <id> command instead of mutating the current process into a different project context.

Session and storage behavior

• Keep the new session format consistently directory-based, including usage sidecar storage, to avoid file-vs-directory conflicts.
• Preserve compatibility with legacy session lookup where needed while making the current layout the source of truth.
• Improve interrupted-session recovery by handling orphaned tool calls so resumed sessions can continue cleanly instead of waiting for tool output that will never arrive.
• Add session metadata support needed by naming, picker display, and resume-by-name behavior.

Skills management

• Support bundled, user, and project skill discovery in the management UI.
• Persist disabled user/project skills through settings.yml under disabled_skills.
• Keep bundled skills locked enabled and excluded from the disabled list.
• Hide disabled user/project skills from model-visible skill listings and automatic triggers, and return a disabled-skill error for direct skill tool calls.
• Add $<skill-name> documentation for skill-only autocomplete and invocation.

Alibaba Cloud auth and provider support

• Add Alibaba Cloud OAuth browser login with PKCE, local callback handling, OAuth site selection, refresh token persistence, and STS credential refresh.
• Add Qwen 3.7 model support and related model/version updates.
• Update provider/test fixtures so release-version-sensitive update checker tests are independent of the package's current version.

Windows compatibility

• Improve Windows resume/session handling by avoiding POSIX-only assumptions in paths, shell snippets, and session display logic.
• Add coverage for Windows-style session paths and cross-platform command rendering behavior.

Documentation and i18n

• Update website docs for command-line options, slash commands, interactive mode, sessions, skills, and Alibaba Cloud credentials.
• Localize the website changes for de, es, fr, ja, pt, and zh-Hans with real translations rather than English placeholders.
• Keep root docs/ review notes out of the submitted diff.
• Remove generated i18n artifacts from the branch history: no .gitignore exceptions for messages.pot / messages.mo, and no tracked .pot / .mo files in the current branch.

Verification

• PATH="$HOME/.local/bin:$PATH" make test
  • 4009 passed, 244 warnings
• PATH="$HOME/.local/bin:$PATH" make lint
  • Ruff passed
  • ty passed
• npm run build from website/
  • Built all locales: en, zh-Hans, ja, fr, de, es, pt

Notes for reviewers

• /status reports cumulative provider-recorded API usage for the session. That is intentionally separate from current context-window usage.
• cache_read is displayed separately; the recorded API total remains input + output.
• Generated translation files remain excluded. Source .po files are tracked; generated .pot / .mo files are not.
• The branch was cleaned so local review notes under root docs/ are not part of the PR.