Add XXE parser evidence fixtures #1517

Open

jddark62 wants to merge 1 commit into UnitOneAI:main from jddark62:improve/xxe-parser-fixtures-882

Conversation


@jddark62 jddark62 commented Jun 6, 2026

Summary

  • Adds a multi-language XXE evidence gate to secure-code-review covering XML input source, parser/language, DTD/entity state, resolver behavior, schema/XSLT handling, resource limits, legacy exceptions, and false-positive rationale.
  • Adds language-aware XML parser search patterns for Java, Python, .NET, PHP, Ruby, and Node.js.
  • Adds seven YAML edge-case fixtures covering safe defusedxml, unsafe Java parser defaults, external schema fetches, hardened .NET settings, PHP entity substitution, constrained Ruby DTD exceptions, and hardened Node parser behavior.

Validation

  • git diff --check
  • Frontmatter YAML parse passed
  • Fixture YAML parse passed: 7 blocks
  • Markdown fence balance passed
  • Required XXE/CWE-611 markers present
  • XXE reference URLs returned HTTP 200
  • ASCII scan passed for new fixture file
  • Privacy scan passed for public files

/claim #882

Payment details can be coordinated privately after maintainer acceptance.
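As an added illustration (not code from this PR or the UnitOneAI project), the following Python sketches the kind of language-aware DTD/entity-state triage the summary describes, with constructed snippets standing in for the fixture cases; the regexes, language keys, and per-runtime default verdicts are my assumptions, not the PR's actual patterns.

```python
"""Toy XXE parser-configuration triage (added example; patterns are assumptions)."""
import re

# (language, parser marker, hardening marker, dangerous-enable marker, default verdict)
# Default verdict applies when a parser is found but neither marker matches.
RULES = [
    ("python", r"\bdefusedxml\b", None, None, "safe"),
    ("python", r"\bxml\.(etree|dom|sax)\b", None, None, "review"),
    ("java", r"DocumentBuilderFactory|SAXParserFactory|XMLInputFactory",
     r"disallow-doctype-decl[\"']?\s*,\s*true|IS_SUPPORTING_EXTERNAL_ENTITIES\s*,\s*false",
     None, "unsafe"),
    ("csharp", r"XmlReaderSettings|XmlDocument",
     r"DtdProcessing\.Prohibit", r"DtdProcessing\.Parse", "review"),
    ("php", r"simplexml_load_(string|file)|DOMDocument|->load(XML)?\(",
     None, r"LIBXML_NOENT|substituteEntities\s*=\s*true", "review"),
    ("ruby", r"Nokogiri::XML", r"\.nonet\b|NONET", r"\.noent\b|NOENT", "review"),
    ("node", r"libxmljs\.parse(Xml|String)", None, r"noent\s*:\s*true", "review"),
]

def classify(language, snippet):
    """Return (verdict, rationale) for one snippet, or None if no XML parser is used."""
    for lang, parser, hardened, enables, default in RULES:
        if lang != language or not re.search(parser, snippet):
            continue
        if enables and re.search(enables, snippet):
            return "unsafe", f"{lang}: entity substitution/DTD processing explicitly enabled"
        if hardened and re.search(hardened, snippet):
            return "safe", f"{lang}: DOCTYPE/external entities disabled"
        if default == "safe":
            return "safe", f"{lang}: parser is hardened by design"
        if default == "unsafe":
            return "unsafe", f"{lang}: unsafe defaults and no hardening found"
        return "review", f"{lang}: defaults vary by runtime version; record DTD/entity evidence"
    return None

# Constructed snippets, one per language family named in the PR summary.
SAMPLES = {
    "safe_defusedxml": ("python", "from defusedxml import ElementTree as ET\nET.fromstring(data)"),
    "unsafe_java_default": ("java", "DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();"),
    "hardened_java": ("java", 'DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();\n'
                              'f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);'),
    "hardened_dotnet": ("csharp", "var s = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };"),
    "php_noent": ("php", "$x = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NOENT);"),
    "ruby_nonet": ("ruby", "doc = Nokogiri::XML(body) { |c| c.nonet }"),
    "node_noent": ("node", "libxmljs.parseXml(body, { noent: true })"),
}

def triage_all():
    """Verdict per constructed sample; useful as a self-check for the rule table."""
    return {name: classify(lang, code)[0] for name, (lang, code) in SAMPLES.items()}
```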
