feat: validate ALB capacity on scope creation

[fedemaleh]

Summary

• Adds a pre-flight ALB capacity validation step during scope creation that queries the ALB's current rule count and fails early if it has reached the configurable threshold
• Configuration via get_config_value (provider > env > default): ALB_MAX_CAPACITY with a default of 75 in values.yaml, overridable via .providers["scope-configurations"].networking.alb_max_capacity
• Runs after build_context but before IAM and networking to avoid creating resources that would need cleanup if the ALB is full

Changes

File	Change
k8s/values.yaml	Added ALB_MAX_CAPACITY: 75 default
k8s/scope/validate_alb_capacity	New validation script — queries ALB listeners/rules via aws elbv2 APIs
k8s/scope/workflows/create.yaml	Added validate alb capacity step after build context
k8s/scope/tests/validate_alb_capacity.bats	19 BATS tests

Test plan

• 19 BATS tests passing (success flows, capacity exceeded, config priority, AWS API errors, input validation)
• Existing build_context.bats tests still pass (no regressions)
• Integration test with real ALB in staging environment
• Verify scope creation fails gracefully when ALB is at capacity
• Verify scope creation succeeds when ALB has room