Tighten handoff param patterns to block prompt injection via spaces

Param values for matter_id and clause are interpolated directly into the
steering-prompt templates. Their patterns previously permitted spaces, which
would let a hostile document smuggle a natural-language sentence into the
prompt through a field that looks like an ID. Restrict both to slug shape
(no spaces); descriptive context belongs in the note/event fields, which are
never interpolated and are wrapped in the data frame.

Also render templates via format_map with an empty-string default so an
optional param the template references (e.g. playbook_monitor's clause)
degrades gracefully instead of raising KeyError, and ignore __pycache__.

.gitignore

@@ -3,3 +3,5 @@
 /logs/
 /outputs/
 /.claude/
+__pycache__/
+*.pyc