和风天气查询功能

The skill is designed to query weather data using the QWeather API, which requires JWT authentication. This involves reading a private key from a file (`lib/ed25519-private.txt` is a template, but the code in `lib/qweather_jwt_session.js` and `lib/gen_qweather_token.js` uses `fs.readFileSync` to load it). While this file access is necessary for the skill's stated purpose of JWT signing, it represents a high-risk capability (direct access to a private key file) that could be exploited if the `PRIVATE_KEY_PATH` configuration were maliciously altered. Additionally, the `gen_qweather_token.js` utility script logs the generated JWT token to the console, which could be a minor information leak in certain environments.