fix(sprint3): 首席架構師 Review C1/C2/C3/M3/m1 修正

C1: _ssh_execute 直接接收 key_path 參數，不反查 LAYER_SSH_CONFIG
C2: PlaybookService.create() proxy，Router 不再穿透呼叫 _repository
C3: CD Step 1b sed 替換 IMAGE_TAG_PLACEHOLDER，消除失敗中斷風險
M3: repair-bot 110/188 regex 統一 [a-z0-9][a-z0-9-]{0,30}，禁止底線
m1: defaultMode 0400 加八進位說明注釋
m2: _ssh_execute 用 deadline 計算剩餘 timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/repair-bot/repair-bot-110.sh

@@ -29,7 +29,7 @@ declare -A COMPOSE_DIRS=(
 CMD="${SSH_ORIGINAL_COMMAND:-}"
 log "repair-bot-110 invoked: CMD=$CMD"
 
-if [[ "$CMD" =~ ^repair:([a-z0-9_-]+)$ ]]; then
+if [[ "$CMD" =~ ^repair:([a-z0-9][a-z0-9-]{0,30})$ ]]; then  # M3: 統一 Python 端 regex，禁止底線
   COMPONENT="${BASH_REMATCH[1]}"
   DIR="${COMPOSE_DIRS[$COMPONENT]}"
 

scripts/repair-bot/repair-bot-188.sh

@@ -30,7 +30,7 @@ declare -A SYSTEMD_SERVICES=(
 CMD="${SSH_ORIGINAL_COMMAND:-}"
 log "repair-bot-188 invoked: CMD=$CMD"
 
-if [[ "$CMD" =~ ^repair:([a-z0-9_-]+)$ ]]; then
+if [[ "$CMD" =~ ^repair:([a-z0-9][a-z0-9-]{0,30})$ ]]; then  # M3: 統一 Python 端 regex，禁止底線
   COMPONENT="${BASH_REMATCH[1]}"
 
   # Docker Compose 類