
Add IaC variable override evidence gates #1298

Open

MAUROCERON wants to merge 1 commit into UnitOneAI:main from MAUROCERON:improve/iac-variable-override-evidence-1296

Conversation

@MAUROCERON


Closes #1296.

Addresses the variable-resolution evidence gap in the related review issue.

Summary

  • Adds a Variable Resolution and Environment Override Evidence step to iac-security.
  • Requires reviewers to record workspace/environment, variable sources, security-sensitive variables, effective value evidence, missing inputs, and outcome.
  • Adds IAC-VAR-* finding IDs for missing workspace context, missing tfvars/CI/HCP/Terragrunt inputs, weakening overrides, and committed sensitive variable files.
  • Extends the output template and SLSA section with input-resolution evidence.
  • Adds tool-rule guidance and grep patterns for TF_VAR_*, -var-file, *.auto.tfvars, Terragrunt inputs, and security-sensitive override values.

Validation

  • Markdown fence balance checked for SKILL.md and tool-rules.md.
  • Required marker checks passed for Variable Resolution and Environment Override Evidence, IAC-VAR-01, IAC-VAR-07, Not Evaluable from Source Only, TF_VAR_, Terragrunt, terraform.tfvars, and *.auto.tfvars.
  • Reference URL checks returned HTTP 200 for Terraform variable docs, Terraform Cloud variables, Terraform workspaces, and Terragrunt attributes.

Bounty

Improver bounty requested if accepted. Payment details can be provided privately after maintainer acceptance.
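The evidence step described in the PR summary (record variable sources, resolve the effective value, flag weakening overrides and committed sensitive variable files) is a small resolution procedure. The following is an added example, not code from this PR or from the iac-security skill: it applies Terraform's documented variable precedence (variable defaults, then TF_VAR_* environment variables, then terraform.tfvars, then *.auto.tfvars in lexical order, then -var and -var-file in command-line order) to constructed inputs, keeps a provenance trail per variable, and reports the three things a reviewer would cite as evidence: overrides that weaken a security-sensitive variable, declared inputs with no value in any source (not evaluable from source alone), and committed tfvars files carrying secret-looking keys. Terragrunt `inputs` are treated as TF_VAR_ environment variables, which is how Terragrunt passes them; their order relative to the CI shell environment when both set the same variable is an assumption of this example. The `SECURE_VALUES` policy table, all sample files and every function name are this example's own; the IAC-VAR-* finding IDs from the PR are deliberately not mapped onto these results.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed policy: sensitive variable -> value the reviewer treats as secure.
SECURE_VALUES = {"storage_encrypted": "true", "publicly_accessible": "false",
                 "deletion_protection": "true"}
_ASSIGN = re.compile(r"^\s*([A-Za-z_][\w-]*)\s*=\s*(.+?)\s*$")
_SECRET_KEY = re.compile(r"password|secret|token|private_key", re.I)


def _clean(value: str) -> str:
    """Drop a trailing # comment and surrounding quotes from an HCL scalar."""
    return value.split("#", 1)[0].strip().strip('"')


def parse_variables(hcl: str) -> Dict[str, Optional[str]]:
    """Declared variables -> default value (None when the block sets none)."""
    out: Dict[str, Optional[str]] = {}
    for m in re.finditer(r'variable\s+"([^"]+)"\s*\{(.*?)\}', hcl, re.S):
        d = re.search(r"default\s*=\s*(.+)", m.group(2))
        out[m.group(1)] = _clean(d.group(1)) if d else None
    return out


def parse_assignments(text: str) -> Dict[str, str]:
    """`key = value` lines, as in tfvars files and a Terragrunt inputs block."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if m and m.group(2) not in ("{", "["):
            out[m.group(1)] = _clean(m.group(2))
    return out


def parse_terragrunt_inputs(hcl: str) -> Dict[str, str]:
    """Terragrunt passes the `inputs` block to Terraform as TF_VAR_<name> env vars."""
    m = re.search(r"inputs\s*=\s*\{(.*?)\}", hcl, re.S)
    return parse_assignments(m.group(1)) if m else {}


def resolve(declared, env, terragrunt_inputs, tfvars_files, cli_args):
    """Apply sources in Terraform precedence order, keeping a provenance trail.

    Returns (effective values, trail of (var, value, source), missing inputs).
    """
    effective: Dict[str, str] = {}
    trail: List[Tuple[str, str, str]] = []

    def apply(values: Dict[str, str], source: str) -> None:
        for k, v in values.items():
            effective[k] = v
            trail.append((k, v, source))

    apply({k: v for k, v in declared.items() if v is not None}, "default")
    apply({k[7:]: _clean(v) for k, v in env.items() if k.startswith("TF_VAR_")}, "env:TF_VAR_")
    # Also TF_VAR_ env vars under the hood; applying them after the CI env is an assumption.
    apply(terragrunt_inputs, "terragrunt.hcl inputs")
    if "terraform.tfvars" in tfvars_files:
        apply(parse_assignments(tfvars_files["terraform.tfvars"]), "terraform.tfvars")
    for path in sorted(p for p in tfvars_files if p.endswith(".auto.tfvars")):
        apply(parse_assignments(tfvars_files[path]), path)
    for arg in cli_args:  # command-line flags win, in the order given
        if arg.startswith("-var-file="):
            path = arg[len("-var-file="):]
            apply(parse_assignments(tfvars_files[path]), f"-var-file={path}")
        elif arg.startswith("-var="):
            k, v = arg[len("-var="):].split("=", 1)
            apply({k: _clean(v)}, "-var")
    missing = sorted(k for k in declared if k not in effective)
    return effective, trail, missing


def weakening_overrides(trail, policy=SECURE_VALUES) -> List[Tuple[str, str, str]]:
    """Sensitive variables whose effective value is insecure and came from an override."""
    last = {var: (value, source) for var, value, source in trail}
    return [(var, *last[var]) for var, secure in policy.items()
            if var in last and last[var][0] != secure and last[var][1] != "default"]


def committed_sensitive_tfvars(tracked_files) -> List[str]:
    """Committed .tfvars files that assign secret-looking keys."""
    return sorted(p for p, text in tracked_files.items() if p.endswith(".tfvars")
                  and any(_SECRET_KEY.search(k) for k in parse_assignments(text)))


# Constructed sample inputs (not taken from any real repository).
VARIABLES_TF = """
variable "storage_encrypted" { default = true }
variable "publicly_accessible" { default = false }
variable "deletion_protection" { default = true }
variable "allowed_cidr" {}
"""
TERRAGRUNT_HCL = "inputs = {\n  publicly_accessible = true   # weakens the module default\n}\n"
TFVARS_FILES = {
    "terraform.tfvars": "deletion_protection = false\n",
    "prod.auto.tfvars": "deletion_protection = true\n",  # loaded after terraform.tfvars
    "ci/admin.tfvars": 'db_password = "hunter2"\n',
}
CI_ENV = {"TF_VAR_storage_encrypted": "false"}
CLI_ARGS = ["-var-file=ci/admin.tfvars"]


def review(hcl=VARIABLES_TF, terragrunt=TERRAGRUNT_HCL, ci_env=CI_ENV,
           tfvars_files=TFVARS_FILES, cli_args=CLI_ARGS) -> dict:
    """Run the full evidence pass and return the pieces a reviewer would record."""
    effective, trail, missing = resolve(parse_variables(hcl), ci_env,
                                        parse_terragrunt_inputs(terragrunt), tfvars_files, cli_args)
    return {"effective": effective, "trail": trail, "missing": missing,
            "weakening": weakening_overrides(trail),
            "committed_sensitive": committed_sensitive_tfvars(tfvars_files)}
```

On the sample, `deletion_protection` is weakened in terraform.tfvars but restored by prod.auto.tfvars, so the trail shows both steps and no finding is raised, which is exactly the "effective value evidence" the step asks for: the last writer matters, not the first. The two findings come from a CI TF_VAR_ export and a Terragrunt input, and `allowed_cidr` is reported as missing because no source sets it, so its value cannot be judged from the repository alone. The scalar-only parsing here is intentional: real tfvars with maps, lists or HCL expressions need a proper HCL parser, and a reviewer should record that as a gap rather than guess.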


Development

Successfully merging this pull request may close these issues.

[REVIEW] iac-security: add variable resolution and workspace override evidence
