fix: remove chat:write.public scope for better security

Changed botScopes from ["commands", "chat:write", "chat:write.public"] to
["commands", "chat:write"] to remove the overly broad public permission.

The chat:write.public scope allows bots to write to channels they're not
members of, which is unnecessarily permissive. Using just chat:write
provides better security and privacy while maintaining necessary functionality.

Updated:
- Test data manifests (manifest-sdk.ts, manifest-sdk-app-name.ts)
- Documentation example
- Test expectations in strings_test.go

Author: claude

docs/guides/using-environment-variables-with-the-slack-cli.md

@@ -108,7 +108,7 @@ export default Manifest({
   outgoingDomains: [
     Deno.env.get("CHATBOT_API_URL")!,
   ],
-  botScopes: ["commands", "chat:write", "chat:write.public"],
+  botScopes: ["commands", "chat:write"],
 });
 ```
 

internal/goutils/strings_test.go

@@ -326,8 +326,8 @@ func Test_RedactPII(t *testing.T) {
 		},
 		{
 			name:     "Escape sensitive data from mock HTTP response",
-			text:     `{"ok":true,"app_id":"A123","credentials":{"client_id":"123","client_secret":"123","verification_token":"123","signing_secret":"123"},"oauth_authorize_url":"123":\/\/slack.com\/oauth\/v2\/authorize?client_id=123&scope=commands,chat:write,chat:write.public"}`,
-			expected: `{"ok":true,"app_id":"A123","credentials":{"client_id":"...","client_secret":"...","verification_token":"...","signing_secret":"..."},"oauth_authorize_url":"...":\/\/slack.com\/oauth\/v2\/authorize?client_id=...&scope=commands,chat:write,chat:write.public"}`,
+			text:     `{"ok":true,"app_id":"A123","credentials":{"client_id":"123","client_secret":"123","verification_token":"123","signing_secret":"123"},"oauth_authorize_url":"123":\/\/slack.com\/oauth\/v2\/authorize?client_id=123&scope=commands,chat:write"}`,
+			expected: `{"ok":true,"app_id":"A123","credentials":{"client_id":"...","client_secret":"...","verification_token":"...","signing_secret":"..."},"oauth_authorize_url":"...":\/\/slack.com\/oauth\/v2\/authorize?client_id=...&scope=commands,chat:write"}`,
 		},
 		{
 			name:     "Escape from `Command` for external-auth add-secret",

test/testdata/manifest-sdk-app-name.ts

@@ -18,5 +18,5 @@ export default Manifest({
   "icon": "assets/icon.png",
   "functions": [ReverseFunction],
   "outgoingDomains": [],
-  "botScopes": ["commands", "chat:write", "chat:write.public"],
+  "botScopes": ["commands", "chat:write"],
 });

test/testdata/manifest-sdk.ts

@@ -18,5 +18,5 @@ export default Manifest({
   "icon": "assets/icon.png",
   "functions": [ReverseFunction],
   "outgoingDomains": [],
-  "botScopes": ["commands", "chat:write", "chat:write.public"],
+  "botScopes": ["commands", "chat:write"],
 });