Add detection telemetry health fixtures

[DENGXUELIN]

/claim #1417

What changed

Adds fixture-backed telemetry readiness and deployed rule-health gates to detection-engineering.

• Adds DET-HEALTH-01 through DET-HEALTH-08 for ATT&CK data component/logsource mapping, collector health, parser field mapping, deployed SIEM rule status, suppression scope, validation samples, retention, and explicit coverage decision.
• Adds a Telemetry and Rule Health Matrix so coverage dashboards distinguish rule-in-repo from operational detection coverage.
• Adds classification guidance for Theoretical, Broken, and Not Evaluable coverage when telemetry, parser mappings, suppressions, or rule run health are missing.
• Adds benign/vulnerable JSON fixtures for a healthy Sentinel rule path versus a Sigma rule that exists while telemetry is stale, parser fields drifted, the deployed rule is disabled, suppressions hide all matching events, and retention is too short.

Why this PR

Existing PR #1418 is a useful Markdown edge-case implementation. This PR is intentionally fixture-backed with rule-health export style JSON so future reviews can distinguish live operational coverage from source-control-only or broken telemetry claims.

Validation

• git diff --check origin/main...HEAD
• git merge-tree --write-tree origin/main HEAD
• JSON parse check for both added fixtures
• Markdown fence balance for detection-engineering/SKILL.md
• Marker checks for version: 1.0.1, Telemetry Readiness and Rule Health Evidence, DET-HEALTH-01 through DET-HEALTH-08, Telemetry and Rule Health Matrix, Not Evaluable, Parser Fields Proven, and Counting Rules Without Live Telemetry or Rule Health
• Fixture marker checks for expected_skill_decision, telemetry_health, parser_mapping, rule_deployment, suppression_scope, validation_samples, retention, and coverage_decision
• Added-line ASCII scan
• Added-line sensitive/public-contact pattern scan
• Remote compare verification before PR creation

Bounty tier

Requesting Improver Moderate ($100) if accepted. This adds structured local fixtures in addition to the telemetry readiness guidance requested by the issue.