Sync fork with upstream OpenClaw

[sragss]

Summary

Syncs the Merit OpenClaw fork to upstream openclaw/openclaw main at f8d5f162a129fc6f70f6c5c65443cafbcb2aa491. This intentionally drops the old Craig-specific memory-compaction Discord notification patch because it emitted unsolicited status messages during compaction.

Changes

• Replaces the fork tree with current upstream OpenClaw main.
• Preserves the Merit Discord reaction helper that resolves bare guild emoji names to name:id.
• Drops the old pre-compaction Discord notification patch that caused extra chatter.
• Makes upstream GitHub automation tolerate the Merit fork when app-token secrets are not configured, and handles the one-time zizmor.yml to .github/zizmor.yml workflow-sanity migration.

Test Plan

• CI=true pnpm install --frozen-lockfile
• node scripts/test-extension.mjs discord -- send.sends-basic-channel-messages.test.ts
• git diff --check
• pnpm check:no-conflict-markers
• pnpm build
• Ruby YAML parse for .github/workflows/auto-response.yml, .github/workflows/labeler.yml, .github/workflows/workflow-sanity.yml
• Local simulation of workflow-sanity's old-base zizmor.yml migration path

CI Note

• actionlint, no-tabs, tui-pty, and Website Installer Sync passed on this PR.
• label, label-issues, and auto-response are failing because they are pull_request_target workflows running from the old base branch, which still requires GitHub App private-key secrets. This PR includes the fallback for future runs after merge, but GitHub will not use that workflow code for this PR's own pull_request_target jobs.