New STEP 1.5: Denial Delta Analysis (between Capture and Classify).
When error is denial-type (permission denied, EPERM, AccessDenied,
forbidden), systematically compare what was denied vs what is
configured. The difference IS the fix.

Generalized for 9 domains:
  SELinux, Linux capabilities, File permissions, Firewall,
  AppArmor, Database grants, IAM (AWS/GCP), CORS, Kubernetes RBAC

Updates:
- error-resolution.md: new STEP 1.5 section (~85 lines)
- error-resolution.md: Pivot Backlog Meta-Review adds 'Skipped delta
  analysis' meta-pattern
- SKILL.md: Pivot section references delta analysis for denial-type errors
- README.md: What's New v7.5.0 entry

Feedback from RSC project: 1 missing SELinux permission survived 5
debug rounds (2 hours) because agent never compared denied vs actual
rule. Delta analysis would have caught it in 10 seconds (720:1 ROI).