
fix(skills): clear mechanical SOFT validator warnings #642

Open
justinmclean wants to merge 1 commit into apache:main from justinmclean:mechanical-soft-warning-cleanup

Conversation

@justinmclean

Member

Summary

Three non-judgement SOFT warnings eliminated:

  • reviewer-routing: remove <tracker> from placeholder comment — the skill reads from <upstream> only; the stale placeholder entry was triggering a false-positive privacy-llm-gate advisory.

  • security-issue-import: add --limit 5 to the rejections-ledger gh issue list call — unbounded calls silently cap at 30 results; the ledger issue is a singleton so 5 is a safe, explicit bound.

  • release-prepare: replace --body "<body>" with --body-file flow for the gh issue create in Step 1 — eliminates security-pattern-9 advisory about inline shell arguments.

Validator passes: 264 tests green; remaining SOFT warnings are all asf-coupling [low] and one action-inventory, both deferred to item 4.

Generated-by: Claude (Opus 4.7)

Type of change

  • Skill change (.claude/skills/<name>/) — eval fixtures updated below
  • Tool / bridge contract (tools/<system>/*.md)
  • Python package (tools/*/ with pyproject.toml)
  • Groovy reference impl
  • Cross-cutting (RFC, AGENTS.md, sandbox, privacy-LLM)
  • Documentation (docs/, README.md, CONTRIBUTING.md)
  • Project template (projects/_template/)
  • CI / dev loop (prek, workflows, validators)
  • Other:

Test plan

  • prek run --all-files passes
  • For Python packages touched: uv run pytest / ruff check / mypy passes
  • For Groovy bridges touched: command-line invocation tested end-to-end
  • For skill changes: eval suite passes for the affected skill
    (PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner tools/skill-evals/evals/<skill>/)
  • For skill behaviour changes: a new or updated eval fixture is included in this PR
    (a regression test for the bug fixed / the behaviour added — see CONTRIBUTING.md)
  • Other:

Three non-judgement SOFT warnings eliminated:

* reviewer-routing: remove <tracker> from placeholder comment — the
  skill reads from <upstream> only; the stale placeholder entry was
  triggering a false-positive privacy-llm-gate advisory.

* security-issue-import: add --limit 5 to the rejections-ledger
  gh issue list call — unbounded calls silently cap at 30 results;
  the ledger issue is a singleton so 5 is a safe, explicit bound.

* release-prepare: replace --body "<body>" with --body-file flow for
  the gh issue create in Step 1 — eliminates security-pattern-9
  advisory about inline shell arguments.

Validator passes: 264 tests green; remaining SOFT warnings are all
asf-coupling [low] and one action-inventory, both deferred to item 4.

Generated-by: Claude (Opus 4.7)
@justinmclean justinmclean self-assigned this Jun 29, 2026
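The third bullet of the summary (moving the issue body from an inline `--body "<body>"` argument to `--body-file`) as an added example. This is not code from PR #642 or from the apache repository: it contrasts the two patterns with a real `gh`-style argv, but `gh` itself is replaced by a shim on PATH that only prints its arguments, so it runs offline. The function names `risky_run` and `safe_run`, the `BODY_FILE` variable and the sample body are this example's own constructions.

```shell
#!/bin/sh
# Added example (not code from PR #642 or the project): inline --body "<body>"
# versus --body-file. `gh` is a shim that prints one argv element per line.
set -eu

# Shim: a fake `gh` placed first on PATH so the real CLI is never called.
SHIM_DIR=$(mktemp -d)
cat > "$SHIM_DIR/gh" <<'EOF'
#!/bin/sh
printf '%s\n' "$@"
EOF
chmod 700 "$SHIM_DIR/gh"
PATH="$SHIM_DIR:$PATH"

BODY_FILE=''
trap 'rm -rf "$SHIM_DIR"; [ -z "$BODY_FILE" ] || rm -f "$BODY_FILE"' EXIT

# Before: the body is spliced into a command string that a shell re-parses.
# Any $(...), backtick or quote inside $1 is interpreted, not passed through,
# and the full body is visible in the process list of the spawned shell.
risky_run() {
    cmd=$(printf 'gh issue create --title "Release" --body "%s"' "$1")
    sh -c "$cmd"
}

# After: the body goes to a mode-0600 temp file and gh receives only the
# path, through a direct argv with no intermediate shell string. The path
# is left in BODY_FILE so a caller can inspect the file.
safe_run() {
    BODY_FILE=$(mktemp)
    chmod 600 "$BODY_FILE"
    printf '%s' "$1" > "$BODY_FILE"
    gh issue create --title "Release" --body-file "$BODY_FILE"
}

# Constructed sample: release notes carrying a command substitution, the
# kind of text that could arrive from an upstream tracker or changelog.
SAMPLE_BODY='notes $(echo INJECTED) done'

if [ "${1:-}" = "demo" ]; then
    echo "--- inline --body (string re-parsed by sh -c):"
    risky_run "$SAMPLE_BODY"
    echo "--- --body-file (only a path reaches argv):"
    safe_run "$SAMPLE_BODY"
    echo "--- file content, verbatim:"
    cat "$BODY_FILE"
fi
```

Run it as `sh example.sh demo`: the inline variant shows `notes INJECTED done` as the body argument, because `sh -c` evaluated the substitution, while the `--body-file` variant shows only the temp path in argv and the file still holds the literal `$(echo INJECTED)`. The same reasoning applies to the second bullet: `gh issue list` fetches 30 items by default, so an explicit `--limit` states the bound the skill actually relies on instead of inheriting it.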