docs: factual audit + reference sync — 260 findings corrected

Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tools/onboarding-prompt.md

@@ -223,7 +223,7 @@ Based on the goal from Phase 0, ask ONLY the necessary additional questions:
    When presenting security topics, add a hands-on option alongside the usual depth controls:
    - After sandbox/permissions topic → "Try: Run `/security-check` to scan your current setup"
    - After threat intelligence topic → "Try: Check your installed skills against known malicious patterns"
-   - After MCP vetting topic → "Try: Review your `~/.claude/mcp.json` against the MCP Safe List"
+   - After MCP vetting topic → "Try: Review your `~/.claude.json` against the MCP Safe List"
 
 4. **Depth control**: Use AskUserQuestion with options:
    - "Go deeper" → Provide detailed explanation with examples