Security review and changes for multi-canister skill

[robin-kunzler]

• Restructured "mistakes that break your build" into three sections: funcional issues, security issues, build issues. I think the first two are not really about breaking the build so I think this is clearer.
• Added several issues and links to security issues
• Reviewed the code examples, did minor fixes directly. Instead of hardening the code security directly, I added sections about what would be needed to make them production ready. I think that's better as it keeps the examples focused without cluttering them.

[alin-at-dfinity]

Looks very nice, thank you.

[derlerd-dfinity]

Nice! Thanks a lot!

[marc0olo]

#55 just merged and changed the frontmatter format for all skills. This PR now has merge conflicts in skills/multi-canister/SKILL.md.

The new frontmatter format is:

---
name: multi-canister
description: "..."
license: Apache-2.0
compatibility: "icp-cli >= 0.1.0"
metadata:
  title: "Multi-Canister Architecture"
  category: Architecture
---

Removed fields: version, endpoints, status, dependencies, requires, tags. See CONTRIBUTING.md for the full reference.

Please rebase on main and update the frontmatter accordingly.

[marc0olo]

Heads up: we're also adding a dedicated canister-security skill in #58 (pending — will create shortly) that covers general IC security patterns (access control, TOCTOU, anonymous principal, pre_upgrade traps, cycles, inspect_message, etc.).

The security content here in multi-canister is complementary — it frames security in the multi-canister context (reentrancy in factory patterns, production readiness for specific examples). Both should coexist. After both PRs merge, we may add a brief cross-reference from multi-canister's security section to canister-security for agents that need deeper coverage.