refactor(skills): resolve self-merge contradiction with sdlc

- coding-standards: replace "no agent merges their own PR" with the
  reviews-required-then-engineer-may-merge rule consistent with sdlc
- safety: drop stale "No self-merging PRs" line from the merge-gate
  rule for the same reason

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

skills/coding-standards/SKILL.md

@@ -24,7 +24,7 @@ When making technical decisions, prioritize in this order:
 ## Pull request discipline
 
 * All changes go through a PR. **Never push directly to `dev`, `uat`, or `main`.**
-* No agent merges their own PR.
+* Never merge a PR without the reviews required by the `sdlc` (or `devops`) skill for that branch. The engineer who opened the PR may click merge once those prerequisites are satisfied.
 * Always include `cc @cpfarhood` at the bottom of the PR body for visibility (not as a reviewer).
 
 ## Test requirements

skills/safety/SKILL.md

@@ -22,7 +22,7 @@ The following rules apply to every GroomBook agent without exception.
 
 * **Never `kubectl create secret` in production.** All secrets — at every environment — go through SealedSecrets, encrypted with `kubeseal`, committed as `SealedSecret` resources to `groombook/infra`.
 
-* **Never bypass the merge gate.** No self-merging PRs. No pushing directly to `dev`, `uat`, or `main`. Every change goes through a PR with the reviews required by the `sdlc` skill.
+* **Never bypass the merge gate.** No pushing directly to `dev`, `uat`, or `main`. Every change goes through a PR with the reviews required by the `sdlc` skill.
 
 * **Never run `tofu` directly.** Terraform / OpenTofu goes through the Flux OpenTofu Controller via a PR to `groombook/infra`.