fix(tests): fix integration test failures from deprecated git key, missing wget, and wrong prompt path

- test_sandbox_escape: migrate manifest fixture from deprecated `git`
  key to `git-gate` (PRD 0047) — `remotes` → `repos`, field names
  `Name`/`Upstream`/`IdentityFile` → `url`/`identity`
- test_smolmachines_launch probes: replace `wget` (not in node:22-slim)
  with `curl -s --show-error --max-time 3` (installed in Dockerfile.claude)
- test_smolmachines_launch prompt test: correct path /root/ → /home/node/
  to match guest_home in smolmachines/prepare.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs/prds/0052-egress-dlp-addon.md

@@ -1,4 +1,4 @@
-# PRD 0053: Egress DLP addon
+# PRD 0052: Egress DLP addon
 
 - **Status:** Active
 - **Author:** claude
@@ -397,7 +397,7 @@ afterward, preserving the existing credential-injection security model.
 4. **Naive prompt injection detector (Phase 2).**
    Add `NaiveInjectionDetector` to `dlp_detectors.py`. Wire
    `scan_inbound` into the new `response` hook in `egress_addon.py`.
-   Extend unit tests. Activate PRD 0053 (`Status: Draft → Active`) in
+   Extend unit tests. Activate PRD 0052 (`Status: Draft → Active`) in
    this commit.
 
 ## Open questions

docs/research/yaml-route-matching-formats.md

@@ -3,7 +3,7 @@
 ## Question
 
 Bot-bottle's egress manifest currently supports exact-host matching and
-a flat list of path prefixes (`path_allowlist`). As the DLP work (PRD 0053)
+a flat list of path prefixes (`path_allowlist`). As the DLP work (PRD 0052)
 and future route hardening evolve, we may want more expressive matching:
 glob-style path patterns (`/api/*/data`), header predicates (Content-Type,
 Accept), and per-method rules (GET allowed, POST blocked). What established