skill: add Kubernetes security testing knowledge package (cloud/kubernetes.md)

[mason5052]

Summary

The strix/skills/cloud/ directory is currently empty. I'd like to contribute the first skill in this category: a Kubernetes security testing knowledge package.

Proposed content for cloud/kubernetes.md

• RBAC misconfigurations -- overly permissive ClusterRoles, wildcard verbs, service account token exposure
• Exposed Kubernetes APIs -- unauthenticated API server, kubelet read-only port (10255), etcd exposure
• Container escape vectors -- privileged containers, hostPID/hostNetwork, dangerous capabilities (CAP_SYS_ADMIN)
• Network policy gaps -- missing NetworkPolicy resources allowing unrestricted pod-to-pod traffic
• Secret management issues -- secrets stored in env vars, unencrypted etcd, exposed ConfigMaps
• Workload misconfigurations -- missing resource limits, runAsRoot, missing securityContext
• Supply chain risks -- unscanned images, mutable tags (:latest), unsigned images
• Common testing tools -- kubectl auth can-i, kube-bench, trivy, kubesec, manual API enumeration
• Validation methods -- how to confirm findings and avoid false positives per category

Why this matters

Kubernetes is one of the most widely deployed platforms, and cloud-native infrastructure is increasingly in scope for penetration tests. The cloud/ category currently has no skills, so this would be the foundation for cloud infrastructure testing coverage in Strix.

Happy to submit a PR once this direction is confirmed!

[mvanhorn]

Implemented in #394 - covers all 7 attack domains from the issue description (RBAC, exposed APIs, container escapes, network policies, secrets, workload misconfigs, supply chain). Format matches the existing SSRF skill.