
Improve AWS ECR evidence gates#1228

Status: Open. lcwLcw123 wants to merge 1 commit into UnitOneAI:main from lcwLcw123:improve/aws-ecr-tag-scan-evidence

Conversation

@lcwLcw123

Summary

Fixes #1204.

This improves skills/cloud/aws-review by adding Amazon ECR tag immutability, image scanning, enhanced Inspector scanning, image digest, scan freshness, and lifecycle retention evidence gates.

Changes included:

  • Add an AWS Container Registry Evidence Gates step for ECR repositories.
  • Add ECR Repository Evidence output fields for tag mutability, scan coverage, enhanced scanning, digest evidence, scan freshness, lifecycle/retention, and findings.
  • Add findings classification for mutable production tags, missing scanning, missing digest evidence, and stale scan evidence.
  • Extend benchmark-checklist.md with ECR-1 through ECR-4 checks.
  • Add fixtures for a benign immutable/enhanced-scanning repository and a vulnerable mutable/unscanned production repository deployed by tag.
  • Add official AWS ECR and Inspector references.

Validation

  • Red-first marker check failed before edits for the new ECR gate terms.
  • rg -n "ECR Repository Evidence|AWS Container Registry Evidence Gates|image_tag_mutability|scan_on_push|ENHANCED|Inspector enhanced|image digest evidence|scan freshness|lifecycle policy" skills/cloud/aws-review -S
  • git diff --check
  • git diff --cached --check
  • Required frontmatter sweep across skills/**/SKILL.md
  • Markdown fence balance check for aws-review markdown
  • ASCII byte scan for changed and untracked files
  • Prompt-injection phrase scan for changed aws-review files
  • Source URL checks returned 200 for AWS ECR tag mutability, AWS ECR image scanning, and Amazon Inspector ECR scanning docs

Bounty

  • Requested bounty tier: Improver Moderate ($100) if accepted.
  • Preferred payment method: GitHub Sponsors; PayPal can be provided privately if preferred.
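As an added illustration of the evidence gates this PR describes (not code from the PR or from the aws-review skill), the function below classifies one ECR repository into the four finding classes named above. It assumes inputs shaped like the ECR API responses (DescribeRepositories, GetRegistryScanningConfiguration, DescribeImages) plus the image reference the deployment actually uses; the seven-day freshness window and the sample data are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumed freshness threshold (not from the PR): a scan completed longer ago
# than this no longer counts as current evidence for the deployed image.
MAX_SCAN_AGE = timedelta(days=7)

def evaluate_ecr_evidence(repo, registry_scan_type, image, deployed_ref, now):
    """Gate findings for one repository, in the PR's four finding classes.
    repo: a 'repositories' entry (ecr:DescribeRepositories); registry_scan_type:
    'BASIC'/'ENHANCED' (ecr:GetRegistryScanningConfiguration); image: the deployed
    image's 'imageDetails' entry or None; deployed_ref: reference the deployment uses."""
    findings = []
    pinned_digest = deployed_ref.split("@")[1] if "@sha256:" in deployed_ref else None
    # Tag immutability: a MUTABLE tag can be re-pointed after review, so a
    # production deployment that trusts the tag rather than a digest is a finding.
    if repo.get("imageTagMutability") != "IMMUTABLE" and pinned_digest is None:
        findings.append("mutable production tag")

    # Scanning: require scan-on-push or registry-level enhanced (Inspector) scanning.
    scan_on_push = repo.get("imageScanningConfiguration", {}).get("scanOnPush", False)
    if not (scan_on_push or registry_scan_type == "ENHANCED"):
        findings.append("missing scanning")

    # Digest evidence: the deployed reference must pin the digest of a known image.
    if image is None or pinned_digest is None or image.get("imageDigest") != pinned_digest:
        findings.append("missing digest evidence")

    # Scan freshness: a scan must have completed, and within MAX_SCAN_AGE of now.
    completed_at = (image or {}).get("imageScanFindingsSummary", {}).get("imageScanCompletedAt")
    if completed_at is None or now - completed_at > MAX_SCAN_AGE:
        findings.append("stale scan evidence")
    return findings

# Constructed sample inputs shaped like the ECR API responses (not real data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DIGEST = "sha256:" + "ab" * 32
REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
BENIGN_REPO = {"repositoryName": "payments", "imageTagMutability": "IMMUTABLE",
               "imageScanningConfiguration": {"scanOnPush": True}}
BENIGN_IMAGE = {"imageDigest": DIGEST, "imageTags": ["1.4.2"],
                "imageScanFindingsSummary": {"imageScanCompletedAt": NOW - timedelta(days=1)}}
STALE_IMAGE = dict(BENIGN_IMAGE, imageScanFindingsSummary={"imageScanCompletedAt": NOW - timedelta(days=30)})
VULN_REPO = {"repositoryName": "web", "imageTagMutability": "MUTABLE",
             "imageScanningConfiguration": {"scanOnPush": False}}

def demo():
    ok = evaluate_ecr_evidence(BENIGN_REPO, "ENHANCED", BENIGN_IMAGE, f"{REGISTRY}/payments@{DIGEST}", NOW)
    bad = evaluate_ecr_evidence(VULN_REPO, "BASIC", None, f"{REGISTRY}/web:latest", NOW)
    return ok, bad
```

The benign repository (immutable, scanned, deployed by digest, fresh scan) yields no findings, while the mutable, unscanned repository deployed by tag trips all four gates.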


Development

Successfully merging this pull request may close these issues.

[REVIEW] aws-review: add ECR tag immutability and scanning evidence gates
