feat(bitdefender): GravityZone Cloud Public API skill

Adds a /bitdefender skill that drives the ACG GravityZone partner tenant
via the JSON-RPC Public API. Read + management ops (companies, endpoints,
live security sweep, policies [read-only/shallow], packages, quarantine,
scans, groups, move/delete). Identity-tier JSON cache (24h TTL,
--refresh); volatile status is always pulled live, never cached.

Security hardening: API key loaded from SOPS vault at runtime (never on
disk/logs/argv/cache); destructive deletes gated behind --confirm; `raw`
also gates destructive methods; upstream error bodies truncated. UNVERIFIED
API methods reachable only via `raw`. Reuses the auth/JSON-RPC pattern from
api/services/gravityzone_service.py.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.gitignore

@@ -5,6 +5,9 @@ backups/
 .cache-remediation/
 tmp-remediation/
 
+# Bitdefender skill cache (identity/structure only — no secrets/PII)
+.claude/skills/bitdefender/.cache/
+
 # Local settings (machine-specific)
 .claude/settings.local.json
 .claude/identity.json