Usage / analytics endpoints are dashboard-only — they are not part of
the public API contract. Removing them from the published docs so
external customers don't build integrations against them.

- Deleted the four api/usage/*.mdx pages (totals, scans, priority,
  warmer-health) and the empty parent directory.
- Removed the Usage group from docs.json navigation.
- skill.md: dropped the Usage table; added an explicit note that
  usage data is dashboard-only so agents stop hallucinating GET paths.
- dashboard-overview.mdx: the Usage sidebar row now reads
  "Dashboard-only" instead of linking to API pages. Removed the
  "Get usage totals" link from the Home row and reworded the
  role-gating table.
- api/errors.mdx: dropped "or usage endpoints" from the
  Org-settings-not-found row.

Cross-repo follow-up: the corresponding endpoints in
sherlock/src/api/routes_auth.py (get_usage, get_usage_scans,
get_usage_priority, warmer-health) should be gated to dashboard
sessions only — API-key auth on these paths should return 403, to
match the new docs.

User intent: nothing in customer-facing docs should help a reader
reverse-engineer Tumban's detection pipeline. The previous pass
exposed too much — strategy names, judge model, bump_up/bump_down
adjudication, internal score arithmetic.

Scoring (concepts/recommendations.mdx)
- Removed the "three independent detection strategies" paragraph and
  the bump_up/bump_down adjudication detail.
- Replaced with a contract-only explanation: what the score means
  ("confidence a violation is present"), what fields are part of the
  public contract, and that other fields are opaque and may change.

Confidence (concepts/confidence.mdx)
- Removed the exact trigger table that listed blocklist thresholds,
  multi-strategy agreement, contextual-model confidence pass-through,
  and judge invocation.
- Replaced with a semantic table (what high/medium/low mean to a
  reviewer). Kept the "never low when no_flags" gotcha — it's a
  contract-level invariant, not mechanism.

Field surface (api/scans/get.mdx)
- Dropped the ResponseField blocks for strategy_scores and
  judge_model_invoked, removed them from the example JSON, and
  removed the "Strategy scores" bullet from the dashboard section.
  Folded them into the existing "internal, opaque, subject to change"
  disclaimer (which I also generalised — no longer enumerates the
  specific internal fields).

Reason codes (reference/reason-codes.mdx)
- Reworded descriptions that explicitly named the judge model or the
  "contextual model" / classifier internals. Codes themselves
  (JUDGE_BUMP_UP, LLM_API_ERROR, etc.) are left literal because the
  API emits them verbatim — cross-repo follow-up below.
- Stripped the source-trail MDX comment that cited
  aggregator.py:_aggregate_reason_codes and strategies/llm_decision.py.

Cross-doc cleanup
- evidence-index, scans/get, webhooks/payload: replaced
  "the contextual model cited" wording with "Tumban cited".
- index.mdx: removed "multi-strategy detection pipeline".
- skill.md: rewrote Confidence and Score-band sections to match the
  scrubbed concepts pages; emphasises that score internals are not
  part of the public contract.

Cross-repo follow-ups for sherlock
- API still returns strategy_scores and judge_model_invoked on
  GET /api/v2/scans/{scan_id}. Remove from the response model so
  customers can't inspect detection internals via the field surface.
- Reason codes JUDGE_BUMP_UP, JUDGE_BUMP_DOWN, LLM_API_ERROR,
  LLM_PARSE_ERROR are emitted with internal terminology baked into
  the enum strings. Consider renaming (e.g. SCORE_ADJUSTED_UP,
  ANALYSIS_ERROR) so the public reason_codes list doesn't leak the
  same mechanics this PR scrubbed from prose.

The pipeline no longer carries completed_with_partial as a reserved
status — ScanStatusT is now just processing | completed | failed.
Scans that experience step failures land in `completed` with the
`coverage` object recording what was skipped. The partial_reason
webhook field went away with it.

Reason-code renames to match aggregator.py and llm_decision.py:
  CONTENT_SAFETY_TEXT_FLAGGED   -> TEXT_FLAGGED
  CONTENT_SAFETY_IMAGE_FLAGGED  -> IMAGE_FLAGGED
  CONTENT_FILTER_TRIGGERED      -> UNSAFE_CONTENT_BLOCKED
  JUDGE_BUMP_UP                 -> SECONDARY_REVIEW_CONFIRMED
  JUDGE_BUMP_DOWN               -> SECONDARY_REVIEW_DOWNGRADED
  LLM_API_ERROR                 -> ANALYSIS_ERROR
  LLM_PARSE_ERROR               -> PARSE_ERROR

Header note added that codes are an unordered set AND open-ended so
integrators code defensively against unknown codes.

Adds the recently-shipped public fields and surface changes from the
sherlock backend:

- Get scan: document `is_banned` (bool | null) at the top level of the
  scan record. Null until the ban-checker evaluates, then true/false.
- Create batch: tighten the partial-acceptance worked example so the
  ordering ("first N accepted, last `profiles_skipped` dropped") is
  unambiguous; use the 50-URL / 30-quota numbers from the worked
  example brief.
- Authentication + skill.md: dashboard-session-only list expands from
  three to five endpoints — POST /org/api-keys and GET /org/api-keys
  also reject API keys now (prevents API-key → API-key chaining).
- Errors: document the new 403 detail string for those two endpoints:
  "This endpoint requires a dashboard session. API keys are not
  permitted."