Add containment SOAR rollback evidence gates

[minorstep]

/claim #1176

Summary

• Adds SOAR automation, rollback, and legal-hold evidence gates to containment.
• Requires execution mode, trigger confidence, approval state, pre-action snapshots, rollback owner, preservation status, validation telemetry, and shared/service-account safeguards before high-impact automation is treated as ready.
• Updates the containment output schema and validation checklist so responders record automation mode, rollback evidence, legal-hold status, and telemetry continuity.
• Adds vulnerable and benign YAML calibration fixtures for enforced automation without rollback evidence and dry-run/approval-gated automation with legal-hold controls.

Validation

• git diff --check
• git diff --cached --check
• Frontmatter required-field/version check for containment v1.0.2
• YAML parse for the new containment fixtures
• Markdown fence-balance check
• Targeted content assertions for SOAR, legal-hold, rollback, and telemetry-continuity coverage
• Prompt-injection scan over the touched path; only the existing safety-section heading matched
• Private/payment-pattern scan over touched files found no matches
• ASCII scan over touched files

Bounty

Requesting Improver Moderate / $100 consideration if accepted. Payment details can be provided privately after maintainer acceptance.