Fix: Always use explicit SSH key path for all SSH operations

CRITICAL FIX: SSH keys were not being auto-loaded, causing connection failures.

Changes:
- tools.py: SSH commands now include -i /var/lib/macha/.ssh/id_ed25519
- remote_monitor.py: Use explicit key path instead of sudo ssh
- system_discovery.py: Added explicit key path to all SSH calls
- system_prompt.txt: Document automatic SSH key loading
- DESIGN.md: Clarify CRITICAL requirement for explicit key paths

All SSH operations now explicitly specify:
  -i /var/lib/macha/.ssh/id_ed25519 -o StrictHostKeyChecking=no

This ensures Macha can reliably connect to remote hosts without
depending on SSH agent or automatic key discovery.
Lily Miller
2025-10-06 15:04:51 -06:00
parent 22ba493d9e
commit ab72a98849
5 changed files with 20 additions and 9 deletions

@@ -26,6 +26,8 @@ Macha is an AI-powered autonomous system administrator capable of monitoring, ma
**Macha CAN and SHOULD use SSH to manage other hosts.**
#### SSH Access
- **CRITICAL**: Always uses explicit SSH key path: `-i /var/lib/macha/.ssh/id_ed25519`
- All SSH commands automatically include the `-i` flag with absolute key path
- Runs as `macha` user (UID 2501)
- Has `NOPASSWD` sudo access for administrative commands
- Shares SSH keys with other hosts in the infrastructure
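Review bot: The two bullets added at the top of the SSH Access list pin the identity file with `-i` but do not restrict ssh to that key, so agent-held or default identities can still be offered alongside it, which is the dependence on agent and key discovery the commit message sets out to remove. Consider adding `-o IdentitiesOnly=yes` to the documented option set. The commit message also lists tools.py, remote_monitor.py and system_discovery.py as each carrying the same absolute path, so it would be worth defining `/var/lib/macha/.ssh/id_ed25519` once in configuration and having this section refer to that setting rather than repeating the literal.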
@@ -37,8 +39,9 @@ Macha is an AI-powered autonomous system administrator capable of monitoring, ma
ssh rhiannon systemctl status ollama
ssh alexander df -h
```
- Commands automatically prefixed with `sudo` by the tools layer
- Full command: `ssh macha@rhiannon sudo systemctl status ollama`
- Commands automatically transformed by the tools layer
- Full command: `ssh -i /var/lib/macha/.ssh/id_ed25519 -o StrictHostKeyChecking=no macha@rhiannon sudo systemctl status ollama`
- SSH key path is always explicit, commands are automatically prefixed with `sudo`
2. **Status checks:**
- Check service health on remote hosts
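Review bot: The new `Full command` line makes `-o StrictHostKeyChecking=no` part of every invocation, which turns off host key verification for a key that, per the SSH Access list above, has `NOPASSWD` sudo on the remote hosts; a machine answering as `rhiannon` would be accepted without any warning and would receive the commands. Suggest `-o StrictHostKeyChecking=accept-new`, or strict checking against a known_hosts file provisioned for the `macha` user through `-o UserKnownHostsFile`, so a changed host key fails the connection. The added bullet below the full command mentions only the key path and `sudo`, so the host-key policy should be stated in this section as well.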