Update SKILL.md with Web Bot Auth browsing instructions

[nvp-stripe]

Summary

Updates skills/create-payment-credential/SKILL.md so agents know about Web Bot Auth and use it correctly. Three targeted additions to the existing skill file:

1. Step 2: bot protection during browsing: new subsection after the credential-type table explaining what to do when the merchant site returns 403. Agents are told to call web-bot-auth sign <url> and attach the returned Signature and Signature-Input headers to their HTTP requests.

2. Step 5: mpp pay auto-bypass: updated description of mpp pay to tell agents that 403 (bot protection) is handled automatically before the 402 flow no manual web-bot-auth sign call is needed when using mpp pay.

3. Errors table: two new rows: recovery guidance for (a) 403 during merchant browsing in Step 2, and (b) the Received 403 before and after Web Bot Auth retry error from mpp pay, which signals the merchant is blocking for a non-bot-protection reason.

Motivation

Without this update, the SKILL.md that agents load has no mention of bot protection. An agent following the current skill would:

• Hit a Cloudflare-protected merchant in Step 2, get a 403, and have no recovery path; likely abandoning the purchase or prompting the user unnecessarily.
• Not know that mpp pay handles 403 transparently, potentially trying to manually sign and inject headers before calling mpp pay (redundant work).
• Receive the Received 403 before and after Web Bot Auth retry error from mpp pay with no understanding of what it means or what to do next.

The SKILL.md is the canonical source of truth that LLMs use to reason about Link. Code without a skill update ships dead capability: agents won't use what they can't discover.