docs: add ISO A.8.10 deletion evidence gates

[bozicovichsantiago20-oss]

Summary

• Add an ISO 27001:2022 A.8.10 information deletion evidence gate to the ISO gap workflow.
• Require deletion scope mapping across primary stores, derived copies, backups, logs, exports, test data, SaaS processors, and approved exceptions.
• Add output matrix fields for retention basis, proof artifacts, exception authority, expiry/review dates, and residual-risk / SoA traceability.
• Add focused YAML fixtures for primary-only deletion gaps, valid legal-hold exceptions, and missing downstream processor confirmation.

Issue context

Implements an Improver-tier PR for the coverage gap described in #1400. This PR does not claim the Reviewer-tier bounty for the original review issue; it is a separate implementation submission.

Validation

• git diff --check
• Markdown fence balance
• Marker checks for A.8.10, deletion scope, backup, downstream processor, legal hold, SoA, Not Evaluable, cryptographic erasure, and residual risk
• New fixture ASCII scan

Bounty request

Improver Moderate if accepted. Payment details can be provided privately after maintainer acceptance.