Add cross-tenant search suggestion review skill

[YfengJ]

/claim #2425

Summary

• add a dedicated cross-tenant-search-suggestion-review skill for typeahead, autocomplete, suggestion, partial-match search, admin search, and search-index pipelines
• cover server-derived tenant binding, index/query isolation, prefix enumeration leakage, cache/ranking/analytics boundaries, admin/support search controls, and regression evidence
• add vulnerable and benign fixtures for cross-tenant suggestion leakage versus tenant-scoped search isolation
• update index.yaml and quote the existing ISO framework values so the index parses cleanly

Validation

• RED check before implementation: confirmed the skill file and index entry were missing
• ruby -ryaml -e 'idx = YAML.load_file("index.yaml"); files = idx.fetch("skills").map { |s| s.fetch("file") }; missing = files.reject { |p| File.file?(p) }; abort "missing files:\n#{missing.join("\n")}" unless missing.empty?; count = idx.fetch("meta").fetch("skill_count"); abort "skill_count #{count} != #{files.size}" unless count == files.size; puts "index ok: #{files.size} skills"'
• ruby -e 'Dir["skills/**/*.md"].each { |f| n = File.read(f).scan(/^```/).size; abort "#{f}: odd fenced code count #{n}" if n.odd? }; puts "markdown fences ok"'
• find tests -name '*.json' -print0 | xargs -0 -n1 jq empty && echo 'json fixtures ok'
• git diff --cached --check

Requested bounty tier: Intermediate ($350). Payment details can be provided privately after maintainer acceptance.