feat(web-security): add fireprox runtime support and ip-rotation skill

[GangGreenTemperTatum]

Summary

Adds fireprox (AWS API Gateway IP rotation) runtime support to the web-security capability and introduces an ip-rotation skill that documents both backends.

What's included

• capabilities/web-security/scripts/install_tools.sh — clones https://github.com/ustayready/fireprox to ~/git/fireprox and installs its Python requirements during sandbox provisioning.
• capabilities/web-security/docker/Dockerfile.runtime — same fireprox install for local/CI runtime builds.
• capabilities/web-security/capability.yaml —
  • Bumps version to 1.1.3
  • Adds optional fireprox check (test -f "$HOME/git/fireprox/fire.py")
  • Updates description and keywords (ip-rotation, waf-bypass, rate-limit-bypass)
• capabilities/web-security/skills/ip-rotation/SKILL.md — new skill covering:
  • IPROTATE_ENABLED activation gate
  • Backend selection (flareprox vs fireprox)
  • flareprox lifecycle (references built-in flareprox_* tools)
  • fireprox CLI lifecycle and cleanup warnings
  • Caido/Burp chaining guidance
• capabilities/web-security/agents/web-security.md — mentions IP rotation tools and the ip-rotation skill.

Notes

• This branch is intentionally a minimal "docker + skill" addition as requested.
• The ip-rotation skill covers both flareprox and fireprox. If PR feat(web-security): self-contained Flareprox IP rotation tool and skill #48 (flareprox) merges first, this skill may need a small rebase to avoid duplication.
• fireprox requires AWS credentials at runtime (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY or ~/.aws/credentials) and creates one API Gateway per target URL.

Validation

• bash -n capabilities/web-security/scripts/install_tools.sh
• capability.yaml parses and includes fireprox check
• SKILL.md frontmatter valid and mentions both backends
• python3 -m pytest capabilities/web-security/tests/ --ignore=capabilities/web-security/tests/test_bbscope.py -q → 153 passed