Add container image provenance evidence gates #1677

Open
Dolpme wants to merge 1 commit into UnitOneAI:main from Dolpme:improve/container-image-provenance-evidence

Dolpme commented Jun 8, 2026

Pull Request Checklist

  • Skill follows the format specification in CONTRIBUTING.md
  • At least one real framework is cited with correct control IDs
  • All framework references verified against primary sources (not blogs or AI output)
  • Prompt Injection Safety Notice section included
  • injection-hardened: true set in frontmatter
  • allowed-tools scoped to minimum necessary permissions
  • Tested with at least one AI coding agent (which one: Codex)
  • No prohibited patterns per SECURITY.md
  • index.yaml updated with new skill entry (if adding a skill; not applicable, existing skill only)

What This PR Does

Addresses #1659.

This improves skills/cloud/container-security by adding image provenance and admission evidence gates for production workloads. The update requires reviewers to verify that the deployed image is the same artifact that was built, scanned, signed, attested, and admitted by policy.

Summary:

  • Adds a dedicated image provenance/admission evidence-chain step to SKILL.md.
  • Adds CONT-PROV-* finding IDs for mutable tags, signature/SBOM digest mismatches, audit-only admission, weak signer identity constraints, Helm/Kustomize override drift, stale exceptions, and registry evidence retention gaps.
  • Extends the output report with an image provenance evidence matrix.
  • Adds detailed checklist guidance and failure examples in cis-benchmarks.md.
  • Adds the imagePullPolicy: Always provenance pitfall.

Framework References

  • NIST SP 800-190 image and registry risk countermeasures
  • CIS Docker Benchmark v1.6.0 Section 4 container image controls
  • Kubernetes admission control documentation
  • Sigstore Cosign verification documentation

Testing

  • git diff --check: passed; only existing Windows line-ending warnings were reported.
  • PowerShell equivalent of lint-skills.yml frontmatter check: passed for all skills/ and roles/ SKILL.md files.
  • PowerShell equivalent of validate-index.yml: all files listed by index.yaml exist.
  • PowerShell equivalent of injection-scan.yml: no prompt injection patterns detected.
  • Markdown fence-balance check: passed for edited files.
  • Targeted issue coverage check: confirmed image provenance/admission chain, rendered workload evidence, immutable digest handling, build provenance, trusted signer identity, SBOM/scan digest linkage, enforce-mode admission, Helm/Kustomize override drift, all CONT-PROV-* IDs, evidence matrix, and imagePullPolicy: Always pitfall are present.
  • Official reference availability checked with HTTP 200 for NIST SP 800-190, Sigstore Cosign verification, and Kubernetes dynamic admission control pages.
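
The digest-linkage check this PR describes (the deployed image must be the artifact that was built, scanned, signed and attested, and admission must enforce), as an added example that is not part of the pull request or the repository's code. The finding labels, field names and sample data are assumptions constructed for illustration and are not the PR's CONT-PROV-* IDs.

```python
import re

# An image reference counts as immutable only when it ends in @sha256:<64 hex chars>.
DIGEST_RE = re.compile(r"@(sha256:[0-9a-f]{64})$")
STAGES = ("built", "scanned", "signed", "sbom")  # hypothetical evidence stage names

def image_digest(image_ref):
    """Return the digest the reference is pinned to, or None for a tag-only reference."""
    m = DIGEST_RE.search(image_ref)
    return m.group(1) if m else None

def repository(image_ref):
    """Strip tag and digest, keeping any registry port (host:5000/repo/name)."""
    name = image_ref.split("@", 1)[0]
    head, _, last = name.rpartition("/")
    last = last.split(":", 1)[0]
    return f"{head}/{last}" if head else last

def provenance_matrix(containers, evidence, admission_mode):
    """One row per rendered container: pinned digest plus findings (labels are illustrative)."""
    rows = []
    for c in containers:
        digest, findings = image_digest(c["image"]), []
        if digest is None:
            findings.append("mutable-tag")
            if c.get("imagePullPolicy") == "Always":
                # Always re-pulls whatever the tag points to now; it pins nothing.
                findings.append("pull-policy-always-is-not-pinning")
        else:
            record = evidence.get(repository(c["image"]), {})
            for stage in STAGES:
                if stage not in record:
                    findings.append(f"missing-evidence:{stage}")
                elif record[stage] != digest:
                    findings.append(f"digest-mismatch:{stage}")
        if admission_mode != "enforce":
            findings.append("admission-not-enforcing")
        rows.append({"container": c["name"], "digest": digest, "findings": findings})
    return rows

# Constructed sample input: rendered workload containers and per-repository evidence.
GOOD, OLD = "sha256:" + "a" * 64, "sha256:" + "b" * 64
CONTAINERS = [
    {"name": "api", "image": f"registry.example.com/shop/api:1.4.2@{GOOD}", "imagePullPolicy": "IfNotPresent"},
    {"name": "worker", "image": "registry.example.com/shop/worker:latest", "imagePullPolicy": "Always"},
    {"name": "cron", "image": f"registry.example.com:5000/shop/cron@{GOOD}", "imagePullPolicy": "IfNotPresent"},
]
EVIDENCE = {"registry.example.com/shop/api": {s: GOOD for s in STAGES},
            "registry.example.com:5000/shop/cron": {"built": GOOD, "scanned": OLD, "signed": GOOD}}
```
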
