fix(runtime): skip default retries for unsafe methods

[samzong]

Summary

Fixes #16.

• Limit the default retry policy to safe HTTP methods.
• Keep explicit MaxRetries > 0 as the opt-in path for callers that intentionally want retries on other methods.
• Add regression coverage proving default POST requests are not retried after a retryable status.

Verification

• go test ./pkg/runtime -run 'TestHTTPClient_DefaultRetriesSkipPost|TestRetryTransport'
• go test ./pkg/runtime
• go test -race ./pkg/runtime
• make check
• /pre-ship --committed manual gate: no MUST-FIX findings; sentinel written

Compatibility

Generated mutating commands no longer retry by default on 429/5xx. Safe methods keep default retries, and callers can still opt into retrying other methods by setting MaxRetries > 0. No generated command shape, catalog schema, auth, body, output, or generated code changes.

Checklist

• Tests or focused verification cover the changed surface.
• User-facing behavior changes are described in this PR; no generated workflow docs needed.
• Generated output under internal/generated/, .cache/, and ad-hoc skills/<cli-name>/ directories is not committed.
• Commits are signed off when this is ready to merge.