docs(validation): add real-world C/C++ validation report #444

Open
Rahulatram321 wants to merge 1 commit into cbomkit:main from Rahulatram321:mentorship/pr-09-cpp-validation

Rahulatram321 commented May 24, 2026

Summary

This PR introduces real-world validation artifacts for C/C++ detection accuracy, documenting coverage quality, observed gaps, and reproducible evaluation methodology.

Why

Mentorship deliverables require practical applicability evidence. Validation on production-like repositories demonstrates robustness beyond synthetic tests.

What this PR includes

  • Validation methodology for selecting and scanning C/C++ codebases.
  • Coverage report for currently implemented OpenSSL rule families.
  • False positive/false negative observations with categorization.
  • Reproducible run instructions and result interpretation notes.
  • Prioritized backlog of rule improvements derived from findings.

Architecture impact

  • No runtime behavior changes.
  • Provides quality baseline and feedback loop for future detection improvements.

Validation

  • Documentation includes sample runs and expected output shape.
  • Findings mapped to actionable next steps for rule precision and recall improvements.

Non-goals

  • This PR does not add new detection logic directly.
  • Policy-level enforcement outcomes are documented separately in PR-10.

Follow-up

Use this report to drive targeted enhancements and benchmark progression across subsequent releases.

Signed-off-by: Rahul Atram <YOUR_GITHUB_VERIFIED_EMAIL>
Signed-off-by: Rahul Atram <rahulatram0226@gmail.com>
@Rahulatram321 Rahulatram321 requested a review from a team as a code owner May 24, 2026 13:23