feat(analyzer): detect privileged Kubernetes workload deployment as TM4#220

Open
CharmingGroot wants to merge 1 commit into NVIDIA:main from CharmingGroot:feat/tm4-k8s-privileged-workload

Conversation

@CharmingGroot

Contributor

Summary

The tool_misuse analyzer (TM1–TM3) does not cover privileged Kubernetes workload deployment. A skill that deploys a privileged DaemonSet — privileged: true, hostPath, host namespaces via kubectl / helm — owns every node in the cluster, yet scored 0/100 SAFE with zero findings (#219). This adds TM4.

Changes

static_patterns_tool_misuse.py gains TM4_PATTERNS (privileged: true, hostPath:, host{PID,Network,IPC}: true, kubectl run … --privileged, helm --set …privileged=true) and a TM4 pass filtered through the shared is_code_example() helper (these fields appear in SKILL.md docs). pattern_defaults.py registers the TM4 explanation, category, message, and remediation alongside TM1–TM3.

Before / After

A "node optimizer" skill that deploys a privileged DaemonSet with hostPath: / and host namespaces:

  • Before: 0/100 SAFE, 0 findings — node-takeover deployment entirely invisible
  • After: 34/100 CAUTION, TM4 ×6 HIGH across the manifest and deploy script

With the LLM layer (Qwen3.6-35B-A3B-FP8 via vLLM) the same skill scores 100/CRITICAL (SQP-2: "kubectl run with --privileged, hostPID, hostNetwork … grant full host access"), so --no-llm / air-gapped deployments were the exposed surface this closes.

Design Decisions

Decision / Rationale

  • Placed in tool_misuse (not privilege_escalation): The threat is privilege-escalation in nature, but the PE analyzer is mid-review in #214; tool_misuse (dangerous tool/config usage) keeps this PR self-contained. Open to a different placement if preferred.
  • Strong signals only: Matches isolation-breaking primitives (privileged, hostPath, host namespaces). Bare kubectl apply, a plain DaemonSet, and non-privileged helm install are intentionally excluded — normal deployments do not fire.
  • Severity HIGH: A privileged workload is node root; this is an isolation breach, not a soft warning.

Testing

9 new tests: 6 detection cases (privileged: true, hostPath, hostPID, hostNetwork, kubectl run --privileged, helm --set privileged=true), severity-HIGH assertion, a benign-workload negative (plain DaemonSet), and a documentation-example exclusion. make format and make lint pass; uv run pytest -m "not integration and not provider" reports 998 passed, 0 failed.

Closes #219

tool_misuse (TM1-TM3) did not cover privileged Kubernetes workloads. A skill deploying a privileged DaemonSet (privileged/hostPath/host-namespaces via kubectl/helm) is a node-takeover vector but scored 0/SAFE (NVIDIA#219). Add TM4_PATTERNS to the tool_misuse analyzer (is_code_example filter, strong isolation-breaking signals only) with pattern_defaults entries and 9 tests.

Signed-off-by: CharmingGroot <ohyes9711@gmail.com>

@rng1995 rng1995 left a comment

Collaborator


Approving — additive TM4 (privileged Kubernetes workload) detection for privileged: true, hostPath, host namespaces, kubectl run --privileged, and helm privileged overrides. Patterns are line-bounded (no catastrophic backtracking), doc examples are filtered, and a benign DaemonSet is not flagged. Good test coverage.

Non-blocking:

  • A bare hostPath: (0.55) is fairly common in legitimate logging/monitoring DaemonSets but surfaces at HIGH severity — watch for FP noise; the low confidence helps temper scoring.
  • pattern_defaults.py overlaps #218 (E5) — expect a small rebase.
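The following is an added example and not code from this PR or the project: a self-contained Python sketch of the TM4-style pass the description outlines (line-bounded patterns for privileged: true, hostPath:, host namespaces, kubectl run --privileged and helm privileged overrides, with documentation examples in a Markdown file filtered out) and of the per-pattern confidence the review note refers to, where a bare hostPath: match is reported at HIGH severity but with lower confidence. The TM4_PATTERNS table, the is_code_example() stand-in, the Finding shape, the confidence values and every sample file are assumptions constructed for this example and are not the analyzer's real implementation.

```python
import re
from dataclasses import dataclass

# Assumed pattern table modelled on the PR's description of TM4_PATTERNS; it is not
# the project's code. Regexes and confidences are constructed here, with the bare
# hostPath: entry given the lower confidence (0.55) mentioned in the review. Each
# regex sees one line and has no nested quantifiers, so matching is line-bounded.
TM4_PATTERNS = [
    (re.compile(r"^\s*(-\s*)?privileged:\s*true\b"), "privileged: true", 0.90),
    (re.compile(r"^\s*(-\s*)?hostPath:"), "hostPath volume", 0.55),
    (re.compile(r"^\s*host(PID|Network|IPC):\s*true\b"), "host namespace sharing", 0.85),
    (re.compile(r"\bkubectl\s+run\b[^\n]*--privileged\b"), "kubectl run --privileged", 0.90),
    (re.compile(r"\bhelm\b[^\n]*--set\b[^\n]*privileged=true\b"), "helm privileged override", 0.90),
]
FENCES = ("`" * 3, "~~~")  # Markdown code-fence markers (triple backtick built at runtime)

@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    label: str
    severity: str
    confidence: float

def is_code_example(path: str, inside_fence: bool) -> bool:
    """Assumed stand-in for the shared helper: fenced lines in a .md file are docs."""
    return path.lower().endswith(".md") and inside_fence

def scan_file(path: str, text: str) -> list[Finding]:
    """Run the TM4 pass over one file, one line at a time; every hit is HIGH."""
    findings: list[Finding] = []
    inside_fence = False
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(FENCES):
            inside_fence = not inside_fence  # a fence line opens or closes a block
            continue
        if is_code_example(path, inside_fence):
            continue
        for regex, label, confidence in TM4_PATTERNS:
            if regex.search(line):
                findings.append(Finding("TM4", path, lineno, label, "HIGH", confidence))
    return findings

def scan_skill(files: dict[str, str]) -> list[Finding]:
    """Scan a whole skill bundle (path -> content) and merge the findings."""
    return [f for path, text in files.items() for f in scan_file(path, text)]

# Constructed sample inputs (not taken from the PR or the linked issue).
PRIVILEGED_DAEMONSET = """\
kind: DaemonSet
spec:
  template:
    spec:
      hostPID: true
      hostNetwork: true
      containers:
      - name: optimizer
        image: example.invalid/node-optimizer:1.0
        securityContext:
          privileged: true
      volumes:
      - name: host-root
        hostPath: {path: /}
"""
DEPLOY_SCRIPT = """\
kubectl apply -f daemonset.yaml
kubectl run probe --image=example.invalid/probe:1.0 --privileged --restart=Never
helm install optimizer ./chart --set agent.privileged=true
"""
SKILL_DOC = """\
# Node optimizer
~~~yaml
privileged: true
hostPID: true
~~~
"""
BENIGN_DAEMONSET = """\
kind: DaemonSet
spec:
  template:
    spec:
      containers:
      - name: shipper
        image: example.invalid/log-shipper:2.3
        securityContext: {allowPrivilegeEscalation: false}
      volumes:
      - {name: buffer, emptyDir: {}}
"""
NODE_OPTIMIZER_SKILL = {
    "node-optimizer/daemonset.yaml": PRIVILEGED_DAEMONSET,
    "node-optimizer/deploy.sh": DEPLOY_SCRIPT,
    "node-optimizer/SKILL.md": SKILL_DOC,
}

if __name__ == "__main__":
    for f in scan_skill(NODE_OPTIMIZER_SKILL):
        print(f"{f.path}:{f.line} {f.rule} {f.severity} ({f.confidence:.2f}) {f.label}")
```

Run as a script it lists the six hits on the constructed node-optimizer skill (four in the manifest, two in the deploy script) and nothing for the fenced fragment in SKILL.md or for the log-shipper DaemonSet that uses emptyDir instead of hostPath. Keeping confidence separate from severity is what lets a scorer temper a lone hostPath: hit from a legitimate logging DaemonSet without lowering the severity of the pattern itself.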



Development

Successfully merging this pull request may close these issues.

[Security] Privileged Kubernetes workload deployment (DaemonSet / hostPath / privileged via kubectl & helm) not detected — node takeover scores 0/SAFE
