fix: nightly hardening - yaml unsafe key guard #9

Open
mouse-value-add wants to merge 1 commit into main from chore/nightly-hardening-20260418-yaml-key-guard

mouse-value-add (Collaborator) commented Apr 18, 2026

problem

The YAML frontmatter parser accepted reserved JavaScript object keys like __proto__, constructor, and prototype. In JavaScript, writing these keys can mutate object prototypes or introduce confusing object behavior, which weakens parser safety when untrusted profile content is loaded.

approach

  • Added a guard in the YAML parser to reject unsafe object keys (__proto__, constructor, prototype) at parse time.
  • Applied the guard to both top-level YAML key parsing and inline object parsing ({key: value}).
  • Emit parser errors for blocked keys while continuing to parse safe fields.
  • Added focused unit tests to verify unsafe keys are blocked and safe fields still parse.

verification

  • Ran targeted tests: npm test -- --run test/parser/yaml.test.ts
  • Ran full suite: npm test
  • Result: 17 test files, 144 tests passed.

risks

  • Profiles that previously relied on these reserved keys will now receive parse errors and those fields will be ignored.
  • Error count can increase for malformed/untrusted inputs (intended behavior).

rollback plan

  • Revert commit 4a11163 to restore prior parser behavior.
  • If partial rollback is needed, remove only the unsafe-key guard checks in src/parser/yaml.ts and corresponding tests in test/parser/yaml.test.ts.
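
The guard this PR describes, sketched as an added example; it is not the project's code from src/parser/yaml.ts. The flat parser, the names `assignKey`, `parseInlineObject` and `parseFrontmatter`, and the sample input are assumptions made for illustration. Calling it with `guard = false` shows the pre-fix behaviour, where a `__proto__` key replaces the parsed object's prototype.

```javascript
// Added example: hypothetical flat frontmatter parser, not the project's src/parser/yaml.ts.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Store key/value on target, or record an error and skip when the key is reserved.
function assignKey(target, key, value, errors, where, guard) {
  if (guard && UNSAFE_KEYS.has(key)) {
    errors.push(`${where}: unsafe key "${key}" rejected`);
    return;
  }
  target[key] = value; // guard off: "__proto__" with an object value swaps target's prototype
}

// Parse a flat inline object such as {team: blue, tier: 2}; values stay strings.
function parseInlineObject(text, errors, where, guard) {
  const out = {};
  const body = text.slice(1, -1).trim();
  if (body === "") return out;
  for (const pair of body.split(",")) {
    const idx = pair.indexOf(":");
    if (idx === -1) { errors.push(`${where}: malformed pair "${pair.trim()}"`); continue; }
    assignKey(out, pair.slice(0, idx).trim(), pair.slice(idx + 1).trim(), errors, where, guard);
  }
  return out;
}

// Parse "key: value" lines; a value is a scalar string or an inline object.
function parseFrontmatter(src, guard = true) {
  const data = {};
  const errors = [];
  src.split("\n").forEach((line, i) => {
    const where = `line ${i + 1}`;
    if (line.trim() === "" || line.trim().startsWith("#")) return;
    const idx = line.indexOf(":");
    if (idx === -1) { errors.push(`${where}: expected "key: value"`); return; }
    const raw = line.slice(idx + 1).trim();
    const isInline = raw.startsWith("{") && raw.endsWith("}");
    const value = isInline ? parseInlineObject(raw, errors, where, guard) : raw;
    assignKey(data, line.slice(0, idx).trim(), value, errors, where, guard);
  });
  return { data, errors };
}

// Constructed sample: two safe fields, a blocked top-level key, a blocked inline key.
const SAMPLE = "name: demo\n__proto__: {isAdmin: yes}\nmeta: {team: blue, constructor: x}\nversion: 2";

const hardened = parseFrontmatter(SAMPLE);        // guard on (the PR's behaviour)
const legacy = parseFrontmatter(SAMPLE, false);   // guard off (pre-fix behaviour)
console.log(hardened.errors, Object.keys(hardened.data), legacy.data.isAdmin);
```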
