feat(auth): allow anonymous download for global skills

[myml]

Update handleDownload to bypass the authentication requirement when the
namespace is 'global'. This enables unauthenticated users to download
public global skills, consistent with the publicly accessible route.

[gemini-code-assist]

Code Review

This pull request modifies the handleDownload function in skill-detail.tsx to allow users to download content without being logged in if the namespace is set to 'global'. The review feedback identifies a need for stricter type checking by using the !== operator and suggests improving code readability by adding spaces around operators, aligning with standard TypeScript practices.

[gemini-code-assist]

The comparison uses the non-strict inequality operator != and lacks spaces, which is inconsistent with the rest of the file and violates standard TypeScript idioms. Use the strict inequality operator !== and add spaces around the operator for better readability and consistency.

Suggested change

	if (namespace!='global' && !user) {
	if (namespace !== 'global' && !user) {

References

1. Always use === and !== instead of == and != to avoid type coercion issues and maintain consistency, as recommended by the Google TypeScript Style Guide. ^(link)

[XiaoSeS]

看了下感觉判断条件可以再激进一点 —— 不只是 global namespace 例外，整段 if (!user) requireLogin() 可以直接删掉。

后端 /api/web/skills/*/*/download 这条路由在 RouteSecurityPolicyRegistry 里是 permitAll，真正的鉴权落在 SkillDownloadService 里通过 VisibilityChecker.canAccess 完成。所以：

• 用户在详情页能看到这个 skill，说明可见性检查已经过了
• PRIVATE / NAMESPACE_ONLY 后端会自己拦
• 前端再加一层"必须登录"反而和后端不一致 —— 像组织 namespace 下发布的 PUBLIC 技能，按当前 PR 的写法匿名用户依然下载不了

建议直接改成这样：

 const handleDownload = async () => {
-  if (!user) {
-    requireLogin()
-    return
-  }
   if (!selectedVersionEntry || isPendingPreview) {
     return
   }

走这个方向的话，PR 标题里的 "for global skills" 也建议调一下，不然 git blame 看到会被误导。改成 feat(skill): allow anonymous download 之类就行。

另外建议在 web/src/pages/skill-detail.test.tsx 加个测试锁住这个行为：匿名用户点下载按钮，不跳登录、正常发起下载。免得后面有人不清楚意图又把判断加回来。