Add secret-zero bootstrap gates #2210

Open
Dolpme wants to merge 1 commit into UnitOneAI:main from Dolpme:improve/secrets-secret-zero-bootstrap

Dolpme commented Jun 9, 2026

Addresses #2064.

Summary

  • Adds secret-zero/bootstrap evidence gates to the secrets-management skill.
  • Requires paired bootstrap factor separation, OIDC/workload identity claim binding, AppRole fallback controls, exchanged-token non-persistence checks, and audit correlation.
  • Updates severity guidance, report output, common pitfalls, and the skill changelog.

Validation

  • git diff --check
  • Frontmatter required-field check across skills/ and roles/
  • index.yaml referenced-file existence check
  • Markdown fence-balance check for skills/devsecops/secrets-management/SKILL.md
  • Target marker check for secret-zero, paired AppRole factors, OIDC/workload identity, non-persistence evidence, audit correlation, and version 1.0.2
  • Changed-file prompt-injection pattern check

Bounty note: this is intended as an improver-tier contribution under CONTRIBUTING.md; payment details can be provided privately after maintainer acceptance.
