Improve GCP Cloud Run evidence gates#1229

Open
lcwLcw123 wants to merge 1 commit into UnitOneAI:main from lcwLcw123:improve/gcp-cloud-run-evidence

Conversation

@lcwLcw123

Summary

Fixes #1208.

This improves skills/cloud/gcp-review by adding supplemental Cloud Run ingress, invoker IAM, service identity, VPC egress, image provenance, Binary Authorization, edge-control, and audit evidence gates.

Changes included:

  • Add Cloud Run Ingress and Identity Evidence as a supplemental GCP review step.
  • Add Cloud Run Evidence output fields for service, region, ingress, invoker IAM, service identity, VPC egress, image provenance, edge controls, audit evidence, and findings.
  • Add findings classification for public INGRESS_TRAFFIC_ALL, unauthenticated roles/run.invoker, default/broad runtime identities, missing image provenance, missing Binary Authorization evidence, and missing VPC egress evidence.
  • Extend benchmark-checklist.md with GCP-RUN-1 through GCP-RUN-5 checks.
  • Add fixtures for a benign public API routed through internal load balancer ingress with user-managed service identity and a vulnerable public admin API using default identity and mutable tag.
  • Add official Cloud Run references for ingress, IAM access control, service identity, Direct VPC egress, and Binary Authorization.

Validation

  • Red-first marker check failed before edits for the new Cloud Run gate terms.
  • rg -n "Cloud Run Evidence|GCP-RUN|INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER|roles/run.invoker|service identity|Binary Authorization|Direct VPC egress|VPC connector|allUsers" skills/cloud/gcp-review -S
  • git diff --check
  • git diff --cached --check
  • Required frontmatter sweep across skills/**/SKILL.md
  • Markdown fence balance check for gcp-review markdown
  • ASCII byte scan for changed and untracked files
  • Prompt-injection phrase scan for changed gcp-review files
  • Source URL checks returned 200 for Cloud Run ingress, IAM access control, service identity, Direct VPC egress, and Binary Authorization docs

Bounty

  • Requested bounty tier: Improver Moderate ($100) if accepted.
  • Preferred payment method: GitHub Sponsors; PayPal can be provided privately if preferred.

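The findings classification listed in the summary (public `INGRESS_TRAFFIC_ALL`, `allUsers` holding `roles/run.invoker`, default or broad runtime identity, a mutable image tag instead of a digest, and missing Binary Authorization or VPC egress evidence) can be expressed as a small evidence checker. The block below is an added example written for this page; it is not code from the gcp-review skill or from this PR. The evidence record shape, the field names, the finding labels, the severity scheme and the two constructed fixtures are assumptions chosen for the illustration, and the checks are not mapped onto the GCP-RUN-1 through GCP-RUN-5 identifiers because the page does not say which check carries which number.

```python
"""Added example: classify Cloud Run service evidence into review findings.

Not the gcp-review skill's own code. Evidence shape, field names, finding
labels and severities are assumptions for this illustration; the conditions
mirror the PR summary (public ingress, allUsers invoker, default/broad
identity, mutable image tag, missing Binary Authorization / VPC egress evidence).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

PUBLIC_INGRESS = "INGRESS_TRAFFIC_ALL"
# Runtime identity Cloud Run falls back to when none is configured:
# the Compute Engine default service account.
DEFAULT_SA_RE = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
# Project-wide primitive roles that make a runtime identity "broad".
BROAD_ROLES = {"roles/owner", "roles/editor"}
# A digest-pinned image reference ends in @sha256:<64 hex chars>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


@dataclass
class CloudRunEvidence:
    service: str
    region: str
    ingress: str
    invoker_members: list[str]        # members bound to roles/run.invoker
    service_account: str              # runtime identity email
    identity_roles: list[str]         # project roles granted to that identity
    image: str                        # deployed container image reference
    vpc_egress: str | None            # e.g. "direct-vpc", "connector", or None
    binary_authorization: str | None  # policy evidence, or None if not recorded


@dataclass
class Finding:
    check: str
    severity: str
    detail: str


def classify(ev: CloudRunEvidence) -> list[Finding]:
    """Return the findings implied by one service's evidence record."""
    findings: list[Finding] = []
    public = ev.ingress == PUBLIC_INGRESS
    if public:
        findings.append(Finding("public-ingress", "high",
                                f"{ev.service}: ingress is {ev.ingress}, no edge control in front"))
    if "allUsers" in ev.invoker_members:
        # Unauthenticated invocation is worst when the service is also reachable
        # from the internet; behind an internal LB the edge still gates it.
        findings.append(Finding("unauthenticated-invoker", "high" if public else "medium",
                                "allUsers holds roles/run.invoker"))
    if DEFAULT_SA_RE.match(ev.service_account):
        findings.append(Finding("default-runtime-identity", "medium",
                                f"{ev.service_account} is the Compute Engine default service account"))
    broad = BROAD_ROLES & set(ev.identity_roles)
    if broad:
        findings.append(Finding("broad-runtime-identity", "high",
                                f"runtime identity holds {', '.join(sorted(broad))}"))
    if not DIGEST_RE.search(ev.image):
        findings.append(Finding("missing-image-provenance", "medium",
                                f"{ev.image} is a mutable tag, not a digest-pinned reference"))
    if ev.binary_authorization is None:
        findings.append(Finding("missing-binary-authorization-evidence", "low",
                                "no Binary Authorization policy evidence recorded"))
    if ev.vpc_egress is None:
        findings.append(Finding("missing-vpc-egress-evidence", "low",
                                "no Direct VPC egress or VPC connector evidence recorded"))
    return findings


def verdict(ev: CloudRunEvidence) -> str:
    """'fail' if any high-severity finding is present, else 'pass'."""
    return "fail" if any(f.severity == "high" for f in classify(ev)) else "pass"


# Constructed fixtures (not the PR's fixture files): a benign public API behind
# an internal load balancer with a user-managed identity, and a vulnerable
# public admin API on the default identity with a mutable tag.
BENIGN = CloudRunEvidence(
    service="public-api", region="us-central1",
    ingress="INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER",
    invoker_members=["serviceAccount:lb-frontend@example-proj.iam.gserviceaccount.com"],
    service_account="api-runtime@example-proj.iam.gserviceaccount.com",
    identity_roles=["roles/secretmanager.secretAccessor"],
    image="us-docker.pkg.dev/example-proj/apps/public-api@sha256:" + "0123456789abcdef" * 4,
    vpc_egress="direct-vpc",
    binary_authorization="policy example-proj/default, enforcement ENFORCED_BLOCK_AND_AUDIT_LOG",
)
VULNERABLE = CloudRunEvidence(
    service="admin-api", region="us-central1",
    ingress="INGRESS_TRAFFIC_ALL",
    invoker_members=["allUsers"],
    service_account="123456789012-compute@developer.gserviceaccount.com",
    identity_roles=["roles/editor"],
    image="gcr.io/example-proj/admin-api:latest",
    vpc_egress=None,
    binary_authorization=None,
)

if __name__ == "__main__":
    for ev in (BENIGN, VULNERABLE):
        print(ev.service, verdict(ev))
        for f in classify(ev):
            print(f"  [{f.severity}] {f.check}: {f.detail}")
```

The evidence record is deliberately flat so it can be filled from whatever the reviewer collected (console screenshots, `gcloud run services describe` output, IAM policy dumps); the checker only reasons about the recorded values and reports absence of evidence as its own low-severity finding rather than assuming the control is in place.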
Development

Successfully merging this pull request may close these issues.

[REVIEW] gcp-review: add Cloud Run ingress and identity evidence gates

1 participant