
Add SOC 2 emergency change evidence gates#1707

Open
alejandrorivas-pixel wants to merge 1 commit into UnitOneAI:main from alejandrorivas-pixel:improve/soc2-emergency-change-gates

Conversation

@alejandrorivas-pixel

Skill Improvement ($50-150 Bounty)

Skill Modified

Skill name: soc2-gap
Skill path: skills/compliance/soc2-gap/

Closes #1706.

What Was Wrong

soc2-gap referenced CC8.1 emergency change records and segregation of duties, but the evidence requirements were too general for auditor sampling. Emergency production changes could still be scored as partially ready without collecting change-specific rollback evidence, abort criteria, retroactive approval timing, requester/approver/deployer/verifier separation, and post-implementation review sign-off.

What This PR Fixes

  • Adds a CC8.1 emergency-change evidence gate to tsc-criteria.md.
  • Requires traceable change ID, emergency reason, approval path, segregation-of-duties evidence, test/validation evidence, rollback plan, abort criteria, and post-implementation review.
  • Adds finding IDs SOC2-CC8-EMERG-01 through SOC2-CC8-EMERG-06.
  • Expands the CC8.1 evidence artifact row to include emergency-change tickets, rollback plans, and post-review sign-offs.
  • Bumps soc2-gap to 1.0.1 and adds the gate to the 30-day remediation checklist.
  • Adds one vulnerable and one benign fixture for emergency-change evidence review.

Evidence

Before (skill could miss this):

change_id: CHG-2026-0418
type: emergency
production_deployment: true
requester: api-team-lead
approver: api-team-lead
deployer: api-team-lead
verifier: api-team-lead
approval:
  status: missing
rollback_plan: null
abort_criteria: null
post_implementation_review: null

After:
The fixture maps to:

  • SOC2-CC8-EMERG-03 for missing approval evidence.
  • SOC2-CC8-EMERG-04 for collapsed requester/approver/deployer/verifier identities.
  • SOC2-CC8-EMERG-05 for missing rollback/abort criteria.
  • SOC2-CC8-EMERG-06 for missing post-implementation review.

Test Cases Added/Updated

  • Added vulnerable test case: skills/compliance/soc2-gap/tests/vulnerable/emergency-change-missing-rollback-review.md
  • Added benign test case: skills/compliance/soc2-gap/tests/benign/emergency-change-with-post-implementation-review.md
  • Existing tests still pass; this is a documentation and fixture-only change.

Validation

  • git diff --check
  • git diff --cached --check
  • Local frontmatter validation using .github/workflows/lint-skills.yml required fields
  • Markdown fence-balance check on changed files
  • Required marker checks for version: "1.0.1", CC8.1 Emergency Change Evidence Gate, SOC2-CC8-EMERG-01, SOC2-CC8-EMERG-06, and the emergency-change evidence checklist
  • ASCII check for tsc-criteria.md and new fixtures
  • Payment/contact pattern scan on changed files; no payment details included

Bounty Tier

  • Moderate ($100) - New edge case coverage and evidence fixtures for CC8.1 emergency-change audit readiness.

Bounty Info

  • I have read and agree to the CONTRIBUTING.md bounty terms.
  • Payment details can be provided privately after maintainer acceptance.
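The finding mapping the PR describes (approval evidence, segregation of duties, rollback/abort criteria, post-implementation review) can be expressed as a small evaluator. The following is an added illustration, not code from the soc2-gap skill or this PR: the vulnerable record mirrors the PR's YAML fixture field for field, while the benign record is constructed here because the PR's benign fixture contents are not shown. The accepted approval states, the `approved_at`/`deployed_at` timestamp fields, the 24-hour retroactive-approval window and the strict four-way role separation are all assumptions of this example; SOC2-CC8-EMERG-01 and -02 are not defined on the page and are therefore not implemented.

```python
"""Emergency-change evidence gate modelled on the CC8.1 finding mapping in
PR #1707.  Added example, not the soc2-gap skill's own implementation."""

from datetime import datetime, timedelta

# Roles that must be held by distinct identities (strict separation is an
# assumption of this example; the PR only says the roles must be separated).
SOD_ROLES = ("requester", "approver", "deployer", "verifier")

# Approval states accepted as evidence, and the window within which a
# retroactive approval must land after deployment.  Both are assumptions.
ACCEPTED_APPROVAL_STATES = ("approved", "retroactively_approved")
RETRO_APPROVAL_WINDOW = timedelta(hours=24)


def _present(value) -> bool:
    """An evidence field counts only if it carries real content."""
    if value is None:
        return False
    if isinstance(value, str) and value.strip().lower() in ("", "null", "none", "missing"):
        return False
    if isinstance(value, (dict, list)) and not value:
        return False
    return True


def _approval_evidence_ok(record: dict) -> bool:
    """Approval must be in an accepted state; retroactive approvals must be
    timestamped and fall within RETRO_APPROVAL_WINDOW after deployment."""
    approval = record.get("approval") or {}
    status = str(approval.get("status", "")).lower()
    if status not in ACCEPTED_APPROVAL_STATES:
        return False
    if status != "retroactively_approved":
        return True
    try:  # field names approved_at / deployed_at are assumed for this example
        approved_at = datetime.fromisoformat(approval["approved_at"])
        deployed_at = datetime.fromisoformat(record["deployed_at"])
    except (KeyError, TypeError, ValueError):
        return False
    return timedelta(0) <= approved_at - deployed_at <= RETRO_APPROVAL_WINDOW


def evaluate_emergency_change(record: dict) -> list:
    """Return the SOC2-CC8-EMERG finding IDs raised by one change record.
    Only emergency production deployments are subject to this gate."""
    if record.get("type") != "emergency" or not record.get("production_deployment"):
        return []
    findings = []
    if not _approval_evidence_ok(record):                      # missing approval evidence
        findings.append("SOC2-CC8-EMERG-03")
    identities = {record.get(r) for r in SOD_ROLES if _present(record.get(r))}
    if len(identities) < len(SOD_ROLES):                       # collapsed or missing roles
        findings.append("SOC2-CC8-EMERG-04")
    if not (_present(record.get("rollback_plan")) and _present(record.get("abort_criteria"))):
        findings.append("SOC2-CC8-EMERG-05")                   # missing rollback/abort criteria
    if not _present(record.get("post_implementation_review")):
        findings.append("SOC2-CC8-EMERG-06")                   # missing post-implementation review
    return findings


# Mirrors the vulnerable fixture quoted in the PR description.
VULNERABLE_FIXTURE = {
    "change_id": "CHG-2026-0418", "type": "emergency", "production_deployment": True,
    "requester": "api-team-lead", "approver": "api-team-lead",
    "deployer": "api-team-lead", "verifier": "api-team-lead",
    "approval": {"status": "missing"},
    "rollback_plan": None, "abort_criteria": None, "post_implementation_review": None,
}

# Constructed benign record (the PR's benign fixture contents are not shown).
BENIGN_RECORD = {
    "change_id": "CHG-EXAMPLE-0001", "type": "emergency", "production_deployment": True,
    "requester": "api-team-lead", "approver": "change-advisory-board",
    "deployer": "release-engineer", "verifier": "sre-on-call",
    "deployed_at": "2026-04-18T02:10:00",
    "approval": {"status": "retroactively_approved", "approved_at": "2026-04-18T09:30:00"},
    "rollback_plan": "Redeploy previous image tag and restore config snapshot",
    "abort_criteria": "Abort if 5xx rate exceeds 2% for 5 minutes after deploy",
    "post_implementation_review": {"signed_off_by": "engineering-manager", "date": "2026-04-20"},
}

if __name__ == "__main__":
    for name, rec in (("vulnerable", VULNERABLE_FIXTURE), ("benign", BENIGN_RECORD)):
        print(name, evaluate_emergency_change(rec) or "no findings")
```

Run stand-alone it reports all four findings for the fixture and none for the constructed benign record; a retroactive approval timestamped outside the assumed window raises only SOC2-CC8-EMERG-03.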

Development

Successfully merging this pull request may close these issues.

[REVIEW] soc2-gap: add emergency-change rollback and post-review evidence gates