Revert memory commit/push — gitignore life/ and memory/ instead

Agent memory files can contain secrets (API keys, credentials, infra
details). These must not be committed to git. Memory persists on the
pod's persistent volume. Git is for board-authored config only.

- Added life/ and memory/ back to .gitignore
- Removed git add/commit/push from CEO heartbeat sync (pull-only now)
- Removed auto-merge workflow (no longer needed)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

.github/FUNDING.yml

@@ -1 +0,0 @@
-github: [privilegedescalation]

.github/workflows/auto-merge-agent-sync.yml

@@ -1,24 +0,0 @@
-name: Auto-merge agent-sync
-
-on:
-  push:
-    branches: [agent-sync]
-
-permissions:
-  contents: write
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          ref: main
-      - name: Merge agent-sync into main
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-          git merge origin/agent-sync --no-edit
-          git push origin main
-

.gitignore

@@ -10,6 +10,10 @@
 .gitconfig
 .kube/
 
+# Agent memory (persists on volume, contains secrets — never commit)
+life/
+memory/
+
 # Editor swap files
 *.swp
 *.swo

ceo/HEARTBEAT.md

@@ -77,9 +77,7 @@ This repo (`/paperclip/privilegedescalation/agents`) is the canonical source of
 
     export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)
     cd /paperclip/privilegedescalation/agents
-    git add -A
-    git diff --cached --quiet || git commit -m "agent: memory and runtime updates $(date -u +%Y-%m-%dT%H:%M:%SZ)"
-    git pull --rebase origin main && git push origin HEAD:refs/heads/agent-sync -f
+    git pull origin main
 
 #### 5b. Detect changes since last sync