feat(skills): add `owasp-top-10` skill for OWASP Top 10 web vulnerability assessment

[katriendg]

Summary

Create the owasp-top-10 skill under .github/skills/security/owasp-top-10/ providing detection checklists, severity guidance, and remediation patterns for the OWASP Top 10 2021 web application vulnerabilities.

This skill is consumed by the security-reviewer agent (not user-invocable). Content is adapted from JasonTheDeveloper's owasp-skills web-vulnerabilities skill with hve-core naming and conventions applied.

Acceptance Criteria

• .github/skills/security/owasp-top-10/SKILL.md exists with valid frontmatter
  • name: owasp-top-10 matches directory name
  • description ends with - Brought to you by microsoft/hve-core
  • user-invocable: false
  • metadata.content_based_on references OWASP Top 10 source URL
• references/ directory contains 11 files:
  • 00-vulnerability-index.md — summary table with all 10 vulnerabilities
  • 01-broken-access-control.md
  • 02-cryptographic-failures.md
  • 03-injection.md
  • 04-insecure-design.md
  • 05-security-misconfiguration.md
  • 06-vulnerable-outdated-components.md
  • 07-identification-authentication-failures.md
  • 08-software-data-integrity-failures.md
  • 09-security-logging-monitoring-failures.md
  • 10-server-side-request-forgery.md
• Each reference file follows the 7-section pattern: Description → Risk → Vulnerability Checklist → Prevention Controls → Example Attacks → Detection Guidance → Remediation
• SKILL.md body references the vulnerability index and instructs the agent on how to traverse references
• npm run validate:skills passes for this skill

Content Source

Adapted from JasonTheDeveloper's owasp-skills web-vulnerabilities/ skill. Naming convention changed from web-vulnerabilities to owasp-top-10 per Discussion #480 terminology alignment.

File Structure

.github/skills/security/owasp-top-10/
├── SKILL.md
└── references/
    ├── 00-vulnerability-index.md
    ├── 01-broken-access-control.md
    ├── 02-cryptographic-failures.md
    ├── 03-injection.md
    ├── 04-insecure-design.md
    ├── 05-security-misconfiguration.md
    ├── 06-vulnerable-outdated-components.md
    ├── 07-identification-authentication-failures.md
    ├── 08-software-data-integrity-failures.md
    ├── 09-security-logging-monitoring-failures.md
    └── 10-server-side-request-forgery.md

Dependencies

Depends on collection rename (#792) for directory path .github/skills/security/.