
chore: enhance adobe aem skills and pocs for web #30

Merged: GangGreenTemperTatum merged 2 commits into main from cap-990-enhance-adobe-aem-skills-with-novel-cve-pocs on May 29, 2026
Conversation

@GangGreenTemperTatum
Contributor

Summary

  • aem-sling-exploitation skill update from Ep176 Jim Green research — SSRF vectors (opensocial, shindig, CVE-2018-12809, sitecatalyst), encoded slash bypass (%2F), dam/merge/metadata extension confusion, error-path selector chaining strategy, double-bypass chain visual, /var path enumeration, financial data hunting notes, expanded sensitive data locations
  • XSS gadgets enriched with detection guidance, key insights, and local PoC references for each gadget (moment.js format injection, jQuery .text() DOMPurify bypass, javascript: URI validation bypass)
  • 3 standalone PoC HTML files added under pocs/:
    • moment-format-xss.html — loads moment.js from CDN, format param from query string
    • jquery-text-dompurify-bypass.html — DOMPurify + jQuery .text() entity re-decoding chain
    • javascript-uri-validation-bypass.html — URL constructor validation + window.open

Test plan

  • just validate passes (confirmed locally — 0 failures)
  • Skill markdown renders correctly and PoC links resolve
  • Dispatcher bypass patterns section has SSRF, encoded slash, and error-path chaining
  • XSS gadgets section has detection guidance and PoC refs for all 3 gadgets

Added encoded slash bypass (%2F), SSRF proxy servlets (opensocial, shindig,
reportingservices CVE-2018-12809, sitecatalyst), dam/merge/metadata extension
confusion, error-path selector chaining strategy, double-bypass chain visual,
/var path enumeration, financial data hunting notes, XSS gadget detection
guidance and local PoC references.
@GangGreenTemperTatum merged commit 5182a8c into main May 29, 2026
5 checks passed