Add GCP audit log export integrity gates#1636

Open
Desalzes wants to merge 1 commit into UnitOneAI:main from Desalzes:codex/gcp-audit-log-export-gates

Conversation

@Desalzes

@Desalzes Desalzes commented Jun 7, 2026

Summary

  • Updates gcp-review to require full audit-log export path validation for CIS Section 2 logging controls.
  • Adds a Logging Export Integrity report table covering sink scope, filters/exclusions, destination IAM, retention/lock, CMEK/KMS, and destination sample-event evidence.
  • Extends benchmark-checklist.md with concrete Terraform review patterns for sink filters, sink exclusions, _Default exclusions, broad destination IAM, locked GCS retention, CMEK, and non-GCS retention evidence.
  • Adds finding classification guidance for High vs Medium logging export failures.

Related issue

Closes #1621

Validation

  • git diff --check
  • Required frontmatter field check for skills/cloud/gcp-review/SKILL.md
  • Prompt-injection pattern scan on the modified GCP review files
  • Markdown fence balance check on the modified GCP review files

Pull Request Checklist

  • Skill follows the format specification in CONTRIBUTING.md
  • At least one real framework is cited with correct control IDs
  • Prompt Injection Safety Notice retained
  • injection-hardened: true remains set in frontmatter
  • allowed-tools remains scoped to minimum necessary permissions
  • No prohibited patterns found by local injection-pattern scan
  • index.yaml not updated because this improves an existing skill, not a new skill
  • Live AI-agent execution test not run; this is a focused guidance/checklist improvement validated statically

Bounty note

This implements the requested logging-export integrity evidence gates from #1621 and should qualify as a focused skill improvement if accepted.
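As an added illustration of the Terraform review patterns the PR summary names (sink filter/exclusions, destination IAM, locked GCS retention, CMEK), here is an audit-log export configuration in the form the checklist accepts, with a comment at each attribute naming the weak form a reviewer would flag. This is example code written for this page, not part of the PR or the gcp-review skill; `PROJECT_ID`, the bucket name and the KMS key path are placeholders, and the `_Default` sink and non-GCS destination checks are not covered.

```hcl
# Audit-log export sink with the integrity properties the checklist reviews.
# Placeholders (assumed, not from the PR): PROJECT_ID, audit-export-bucket,
# and the KMS key resource name.

# Sink scope and filter: keep every audit-log entry and narrow nothing else.
# Review flag: an `exclusions { ... }` block on the sink, or a filter that
# drops admin-activity or data-access events.
resource "google_logging_project_sink" "audit_export" {
  name        = "audit-log-export"
  project     = "PROJECT_ID"
  destination = "storage.googleapis.com/${google_storage_bucket.audit_export.name}"
  filter      = "logName:\"cloudaudit.googleapis.com\""

  # Dedicated service account for this sink, so the destination grant below
  # can be scoped to exactly one writer identity.
  unique_writer_identity = true
}

# Destination bucket: locked retention and CMEK.
resource "google_storage_bucket" "audit_export" {
  name                        = "audit-export-bucket"
  location                    = "US"
  project                     = "PROJECT_ID"
  uniform_bucket_level_access = true

  # Review flag: a retention_policy without `is_locked = true` can be
  # shortened or removed later, so it is not locked retention.
  retention_policy {
    retention_period = 34560000 # 400 days, in seconds
    is_locked        = true
  }

  # Review flag: no `encryption` block means Google-managed keys, not CMEK.
  encryption {
    default_kms_key_name = "projects/PROJECT_ID/locations/us/keyRings/RING/cryptoKeys/KEY"
  }
}

# Destination IAM: only the sink's writer identity may create objects.
# Review flag: `allUsers`, `allAuthenticatedUsers` or a whole domain as
# member, or a role broader than objectCreator, on the export bucket.
resource "google_storage_bucket_iam_member" "sink_writer" {
  bucket = google_storage_bucket.audit_export.name
  role   = "roles/storage.objectCreator"
  member = google_logging_project_sink.audit_export.writer_identity
}
```

The KMS key must already grant the project's Cloud Storage service agent encrypt/decrypt access; that binding is omitted here.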

Development

Successfully merging this pull request may close these issues.

[REVIEW] gcp-review: add audit log sink exclusion and retention evidence gates