fix: resolve broken CI security gate and add reality-check documentation

[Copilot]

The 4-job security gate was silently non-functional (trivy-action@0.28.0 tag doesn't exist), multiple Terraform files had policy violations blocking Checkov, the GKE terraform had invalid HCL (floating block outside any resource), and the README retained a section that was meant to be removed.

CI / Workflow (trivy-scan.yml)

• trivy-action@0.28.0 → @0.30.0 (tag never existed; all 3 scan jobs were failing at setup, producing zero scan output)
• codeql-action/upload-sarif@v3 → @v4 across all 3 SARIF upload steps

aws-foundation/main.tf

• Added monitoring = true (CKV_AWS_126)
• #checkov:skip=CKV_AWS_135 — t2.micro doesn't support EBS optimisation
• #checkov:skip=CKV_AWS_260 — port 80 on public web server (justified)

ha-aws-architecture/main.tf

• enable_deletion_protection = true on ALB (CKV_AWS_150)
• ALB SG egress: protocol=-1 → 0.0.0.0/0 → port 80 scoped to VPC CIDR 10.0.0.0/16
• EC2 SG egress: same blanket rule → explicit port 80 + 443 via NAT
• #checkov:skip=CKV_AWS_260 on ALB SG — HTTP immediately 301-redirects to HTTPS at listener

k8s-ecommerce-project/microservices-demo/terraform/main.tf

• Fixed invalid HCL: master_authorized_networks_config was floating outside the cluster resource entirely; moved inside google_container_cluster
• Fixed secondary bug: CIDR was /0 (matches all IPs) instead of /32
• Added security controls: private_cluster_config, release_channel, master_auth, binary_authorization, enable_intranode_visibility
• Checkov skips with justification for Autopilot-managed controls (CKV_GCP_12/65/69) and registry module sources (CKV_TF_1)

README.md

• Removed Education & Credentials section
• Added Reality Check Documentation section linking to docs/reality-check/

docs/reality-check/ (new)

Nine per-project postmortem documents covering real failures encountered during development — following the neuroscale format: symptom → root cause → fix → business impact. One file per project plus an INDEX.md overview table.