feat: add CLI integration alongside MCP#5

Merged: davidmytton merged 1 commit into main from rei/feat/eng-712-add-cli on Apr 29, 2026

@arcjet-rei

Contributor

Summary

  • Use the Arcjet CLI for capabilities the MCP server does not expose: arcjet watch for live request streaming during incident response, and arcjet skills install for writing a project-local ARCJET.md so future agent turns have zero-round-trip discovery. Setup, read-side analysis, and rule CRUD continue to use the MCP server.
  • Commands invoke as npx -y @arcjet/cli@latest <command> so no install is required (works on macOS, Linux, Windows). If a local arcjet binary is on PATH, the plugin uses it directly.
  • New rules/arcjet-cli.mdc documents when to reach for the CLI vs MCP, the invocation pattern, and agent-friendly flags (--output json, --fields).
  • agents/security-analyst.md now shells out to arcjet watch for continuous monitoring during incidents instead of polling list-requests over MCP.
  • All three skills (protect-route, add-ai-protection, add-guard-protection) end with an optional step that runs arcjet skills install.
  • README, CHANGELOG, and the three plugin manifests updated.

Authentication uses the CLI's browser-based device flow (consistent with gh auth login, vercel login); ARCJET_TOKEN remains the headless escape hatch.

Closes ENG-712. Companion to arcjet/arcjet-docs#815 (ENG-711) and arcjet/arcjet#7903 (ENG-713).

Test plan

  • bash scripts/validate.sh — all skills, rules, agent, and JSON files pass structural validation.
  • dprint check — all files formatted.
  • Install plugin in a Claude Code session and verify the new CLI rule activates on **/lib/arcjet*, **/arcjet*, and **/.env* paths.
  • Trigger /arcjet:protect-route and confirm the final "Install Project-Local Skills" step runs arcjet skills install cleanly.
  • Invoke security-analyst during an incident scenario and confirm it reaches for arcjet watch rather than polling list-requests repeatedly.
  • Verify npx -y @arcjet/cli@latest watch --site-id <id> works end-to-end after arcjet auth login.

🤖 Generated with Claude Code

Use the Arcjet CLI for capabilities the MCP server does not expose:
`arcjet watch` for live request streaming during incident response, and
`arcjet skills install` for writing a project-local ARCJET.md so future
agent turns have zero-round-trip discovery. Setup, read-side analysis,
and rule CRUD continue to use the MCP server.

Commands invoke as `npx -y @arcjet/cli@latest <command>` so no install
is required. Authentication uses the CLI's browser-based device flow
(consistent with `gh auth login`, `vercel login`, etc.); `ARCJET_TOKEN`
remains the headless escape hatch.

A new `rules/arcjet-cli.mdc` rule documents when to reach for the CLI
vs MCP, the invocation pattern, and agent-friendly flags
(`--output json`, `--fields`).

Closes ENG-712.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@arcjet-rei arcjet-rei enabled auto-merge April 29, 2026 15:36
@davidmytton davidmytton disabled auto-merge April 29, 2026 15:38
@davidmytton davidmytton added this pull request to the merge queue Apr 29, 2026
Merged via the queue into main with commit 73ebd6f Apr 29, 2026
4 checks passed
@davidmytton davidmytton deleted the rei/feat/eng-712-add-cli branch April 29, 2026 15:39