improve(dependency-scanning): add lockfile registry gates

[bodoo26]

Summary

• add dependency-scanning gates for manifest, lockfile, CI install mode, and build artifact alignment
• require private registry namespace proof before scoring dependency confusion risk
• add fixtures for lockfile drift, patched lockfile benign evidence, and missing private registry mapping

Validation

• ruby scripts/validate_skill_schema.rb
• ruby scripts/validate_index.rb
• ruby scripts/test_skill_fixtures.rb
• ruby scripts/test_remediation_fixtures.rb
• ruby scripts/generate_quality_scorecard.rb --check
• git diff --check

Refs #2792

[github-actions]

Thanks for the submission! 🙏 SecuritySkills is now issue-first: contributions need a linked issue that a maintainer has marked approved before a PR is opened.

Please open an issue describing the skill, wait for the approved label, then reopen this PR with Closes #<issue> in the description. The PR template lists everything we'll look for (including an independently runnable reproduction).