cinc: add repo-specific style and architecture validator

[afreidah]

Context

The Cinc tree has a documented architecture and style guide that goes beyond what Cookstyle can validate.

Examples:

• recipes/default.rb must remain header-only
• recipes should be thin wrappers around custom resources
• custom resources require unified_mode true
• custom resources require provides and default_action
• file headers follow a specific format
• roles should not contain comments inside run_list(...)
• generic shared logic belongs in munchbox_lib

Most of these rules are documented but enforced only by convention.

Proposal

Add a lightweight validator under infrastructure/cinc/ that performs static checks across cookbooks, roles, and supporting files.

Example checks:

• Ruby files begin with # frozen_string_literal: true
• custom resources contain unified_mode true
• custom resources declare provides
• custom resources declare default_action
• recipes/default.rb contains only header content
• role files do not contain comments inside run_list(...)
• cookbook structure matches the documented layout
• long-form comment styles are flagged where practical

Acceptance criteria

• Validator runs locally without Chef server access
• Validator exits non-zero on violations
• Existing valid cookbooks pass cleanly
• README documents how to run the validator
• Validation can be incorporated into cookbook verification workflows

Notes

This should complement Cookstyle, not replace it. The goal is to enforce Munchbox-specific conventions that generic Chef tooling does not understand.