Add machine user lifecycle review skill #2563

Closed
YfengJ wants to merge 1 commit into UnitOneAI:main from YfengJ:codex/machine-user-lifecycle-2420

@YfengJ YfengJ commented Jun 14, 2026

/claim #2420

Summary

  • add a dedicated machine-user-lifecycle-review skill for service accounts, bot users, workload identities, API clients, CI identities, and automation accounts
  • cover ownership and purpose binding, credential freshness, entitlement drift, human-to-machine separation, deprovisioning safety, and monitoring/provenance
  • add vulnerable and benign fixtures for an orphaned long-lived automation identity versus a scoped workload identity lifecycle
  • update index.yaml and quote the existing ISO framework values so the index parses cleanly

Validation

  • RED check before implementation: confirmed the skill file and index entry were missing
  • ruby -ryaml -e 'idx = YAML.load_file("index.yaml"); files = idx.fetch("skills").map { |s| s.fetch("file") }; missing = files.reject { |p| File.file?(p) }; abort "missing files:\n#{missing.join("\n")}" unless missing.empty?; count = idx.fetch("meta").fetch("skill_count"); abort "skill_count #{count} != #{files.size}" unless count == files.size; puts "index ok: #{files.size} skills"'
  • ruby -e 'Dir["skills/**/*.md"].each { |f| n = File.read(f).scan(/^```/).size; abort "#{f}: odd fenced code count #{n}" if n.odd? }; puts "markdown fences ok"'
  • find tests -name '*.json' -print0 | xargs -0 -n1 jq empty && echo 'json fixtures ok'
  • git diff --cached --check

Requested bounty tier: Intermediate ($350). Payment details can be provided privately after maintainer acceptance.

@YfengJ YfengJ requested a review from kamalsrini as a code owner June 14, 2026 15:09
@YfengJ YfengJ force-pushed the codex/machine-user-lifecycle-2420 branch from df5479c to e3dc1e0 Compare June 14, 2026 18:04
@YfengJ YfengJ force-pushed the codex/machine-user-lifecycle-2420 branch from e3dc1e0 to 02a950e Compare June 14, 2026 18:30
@kamalsrini kamalsrini closed this Jun 15, 2026
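
The six review areas named in the PR summary, sketched as an added example that is not part of the pull request or the project's skill file: a Python check run over two constructed records modelled on the orphaned long-lived identity and the scoped workload identity. The record schema, finding codes and thresholds are all assumptions made for illustration.

```python
from datetime import date

# Thresholds are assumptions for this example, not values from the PR.
MAX_CREDENTIAL_AGE_DAYS = 90
MAX_IDLE_DAYS = 60

def review_machine_identity(ident, today):
    """Return finding codes for one machine identity record (hypothetical schema)."""
    findings = []
    # Ownership and purpose binding: an active owner and a stated purpose.
    if not (ident.get("owner") or {}).get("active", False):
        findings.append("ownership:no-active-owner")
    if not ident.get("purpose"):
        findings.append("ownership:no-documented-purpose")
    # Credential freshness: every credential expires and is recently issued.
    for cred in ident.get("credentials", []):
        if cred.get("expires") is None:
            findings.append(f"credential:{cred['id']}:no-expiry")
        if (today - date.fromisoformat(cred["issued"])).days > MAX_CREDENTIAL_AGE_DAYS:
            findings.append(f"credential:{cred['id']}:stale")
    # Entitlement drift: anything granted beyond the approved baseline.
    drift = sorted(set(ident.get("granted", [])) - set(ident.get("approved", [])))
    findings += [f"entitlement:unapproved:{p}" for p in drift]
    # Human-to-machine separation: no interactive login on a machine user.
    if ident.get("interactive_login", False):
        findings.append("separation:interactive-login-enabled")
    # Deprovisioning safety: flag identities that look unused before removal.
    last_used = ident.get("last_used")
    if last_used is None or (today - date.fromisoformat(last_used)).days > MAX_IDLE_DAYS:
        findings.append("deprovisioning:idle-candidate")
    # Monitoring/provenance: activity must land in an audit sink.
    if not ident.get("audit_log_sink"):
        findings.append("monitoring:no-audit-sink")
    return findings

# Constructed records, modelled on the two fixture kinds the summary names.
ORPHANED = {"name": "legacy-deploy-bot", "owner": {"id": "u-departed", "active": False},
            "purpose": "", "interactive_login": True, "last_used": "2026-01-02",
            "credentials": [{"id": "key-1", "issued": "2024-01-10", "expires": None}],
            "granted": ["repo:write", "org:admin"], "approved": ["repo:write"],
            "audit_log_sink": None}
SCOPED = {"name": "ci-staging-deployer", "owner": {"id": "team-platform", "active": True},
          "purpose": "deploy to staging", "interactive_login": False,
          "last_used": "2026-06-14", "audit_log_sink": "siem",
          "credentials": [{"id": "oidc-1", "issued": "2026-06-15", "expires": "2026-06-15"}],
          "granted": ["staging:deploy"], "approved": ["staging:deploy"]}

if __name__ == "__main__":
    for record in (ORPHANED, SCOPED):
        print(record["name"], review_machine_identity(record, date(2026, 6, 15)))
```
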