
Add segmentation validation fixtures #2141

Open
DENGXUELIN wants to merge 1 commit into UnitOneAI:main from DENGXUELIN:improve/segmentation-validation-fixtures-1349

Conversation

@DENGXUELIN


/claim #1349

What changed

Adds fixture-backed segmentation validation evidence gates to segmentation.

  • Adds SEG-VAL-01 through SEG-VAL-08 for test matrix completeness, representative source context, denied-path proof, allowed-path proof, exception governance, alternate/failover path testing, CDE/crown-jewel independent validation, and post-change retesting.
  • Adds a Segmentation Validation Evidence table with source/destination zone, protocol/port, test source context, expected/actual result, evidence reference, exception expiry, alternate-path status, and decision.
  • Adds classification guidance so CDE/crown-jewel boundaries become High or Not Evaluable when denied-path proof, representative source context, exception scope, or alternate-path testing is missing.
  • Adds benign/vulnerable JSON fixtures for a fully validated CDE boundary versus diagram-only segmentation with admin-only testing, missing denied-path evidence, ownerless migration exception, and untested transit-gateway failover route.

Why this PR

Existing PR #1350 is a useful Markdown edge-case implementation. This PR is intentionally fixture-backed with structured validation matrices so future reviews can distinguish proven segmentation from diagram-only or steady-state-only claims.

Validation

  • git diff --check origin/main...HEAD
  • git merge-tree --write-tree origin/main HEAD
  • JSON parse check for both added fixtures
  • Markdown fence balance for segmentation/SKILL.md
  • Marker checks for version: 1.0.1, Segmentation Validation Evidence Gate, SEG-VAL-01 through SEG-VAL-08, Segmentation Validation Evidence, and Alternate Path Tested
  • Fixture marker checks for expected_skill_decision, test_matrix, alternate_path_tests, exceptions, independent_validation, segmentation_decision, and risk_level
  • Added-line ASCII scan
  • Added-line sensitive/public-contact pattern scan
  • Remote compare verification before PR creation

Bounty tier

Requesting Improver Moderate ($100) if accepted. This adds structured local fixtures in addition to the validation/exception evidence guidance requested by the issue.
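
The evidence gate described in this PR, sketched as an added example that is not part of the pull request or the project's code: it scores one boundary fixture against the denied-path, source-context, exception and alternate-path checks listed above. The top-level keys `test_matrix`, `exceptions` and `alternate_path_tests` come from the PR description; every inner field name, the sample fixtures, the `Low` label and the rule for choosing between `High` and `Not Evaluable` are assumptions.

```python
from datetime import date

def evaluate_boundary(fx, today):
    """Return (risk_level, gaps) for one CDE/crown-jewel boundary fixture."""
    rows = fx.get("test_matrix", [])
    if not rows:  # diagram-only claim: nothing was actually tested
        return "Not Evaluable", ["no test matrix"]
    gaps = []
    # Denied-path proof: a deny that was expected, observed and evidenced.
    if not any(r["expected"] == r["actual"] == "deny" and r.get("evidence_ref") for r in rows):
        gaps.append("no denied-path proof")
    # Tests run only from an admin context do not represent real sources.
    if all(r["source_context"] == "admin" for r in rows):
        gaps.append("admin-only testing")
    for r in rows:
        if r["actual"] != r["expected"]:
            gaps.append(f"{r['dst_zone']}:{r['port']} expected {r['expected']}, got {r['actual']}")
    # Exception governance: each exception needs an owner and a live expiry.
    for ex in fx.get("exceptions", []):
        if not ex.get("owner"):
            gaps.append(f"exception {ex['id']} has no owner")
        exp = ex.get("expiry")
        if not exp or date.fromisoformat(exp) < date.fromisoformat(today):
            gaps.append(f"exception {ex['id']} has no expiry or is expired")
    alt = fx.get("alternate_path_tests", [])
    if not alt or not all(p.get("tested") for p in alt):
        gaps.append("alternate/failover path untested")
    return ("High" if gaps else "Low"), gaps  # "Low" is an assumed label

# Constructed sample fixtures (hypothetical field names, not the PR's files).
GOOD = {
    "test_matrix": [
        {"dst_zone": "cde", "port": 1433, "source_context": "standard-user",
         "expected": "deny", "actual": "deny", "evidence_ref": "EV-001"},
        {"dst_zone": "cde", "port": 1433, "source_context": "service-account",
         "expected": "allow", "actual": "allow", "evidence_ref": "EV-002"}],
    "exceptions": [{"id": "EX-1", "owner": "netsec", "expiry": "2099-01-01"}],
    "alternate_path_tests": [{"path": "tgw-failover", "tested": True}],
}
BAD = {
    "test_matrix": [
        {"dst_zone": "cde", "port": 1433, "source_context": "admin",
         "expected": "allow", "actual": "allow", "evidence_ref": "EV-010"}],
    "exceptions": [{"id": "EX-2", "owner": "", "expiry": None}],
    "alternate_path_tests": [{"path": "tgw-failover", "tested": False}],
}

if __name__ == "__main__":
    for name, fx in (("good", GOOD), ("bad", BAD), ("diagram-only", {})):
        print(name, evaluate_boundary(fx, "2025-01-01"))
```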
