wiki: add capability synthesis to wiki-compile; recompile GuruRMM

Skill + template:
- wiki-compile Phase 2P: type-aware authoritative-artifact discovery for
  projects (migrations, API routes, agent modules, roadmap-done, commit log),
  with a stale-submodule guard that reads origin/main when the pinned
  submodule lags. Changelogs treated as incomplete, not authoritative.
- project template: add a Capabilities / Feature Set section.

GuruRMM recompile (from live main artifacts, not session logs):
- Added Capabilities / Feature Set section covering monitoring, remote
  execution (incl. system vs user_session contexts), inventory/discovery,
  update mgmt, policy, alerting/watchdog, backup, tunnel, identity/security.
- Fixed the misleading "runs as LocalSystem" command-fields line (the gap
  that started this) and the stale BUG-001 temperature claim (now shipped).
- Qualified Entra-only SSO; noted safe-rollout is unwired scaffolding.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

wiki/_templates/project.md

@@ -14,6 +14,10 @@ backlinks: []
 
 *(What it is, current maturity, who uses it, what problem it solves)*
 
+## Capabilities / Feature Set
+
+*(What the product can actually DO — synthesized from AUTHORITATIVE ARTIFACTS, not just session-log narrative: API routes (the real surface), agent/module structure, DB migrations (each is a feature checkpoint), completed roadmap items, specs, and the feat/perf commit log. Changelogs help but are often incomplete — do not rely on them alone. Organize by surface (e.g. monitoring, remote execution, management, integrations, security). Call out platform coverage and important execution modes/options — e.g. command execution contexts, auth modes, policy scopes. This section answers "what does it support?" so future readers don't have to re-derive it from code.)*
+
 ## Architecture
 
 ### Components