fix: remediate 9 VlamGuard policy failures

[github-actions]

Summary

The Deployment subtle-impact in production has critical security gaps (e.g., missing read-only root filesystem, privilege escalation protections, and explicit user/group IDs) and high-availability risks (single replica, missing probes). Addressing these will harden the workload against container escapes, privilege escalation attacks, and improve resilience during failures or rolling updates. The fixes are low-effort but high-impact for security and reliability.

VlamGuard Report

	Risk Score	Risk Level	Grade	Hard Blocks
Before	100/100	critical	C	3
After	100/100	critical	C	3

Fixes Applied

Check ID	File	Description
replica_count	demo/charts/subtle-impact/values.yaml	Applied static remediation: replicaCount
readonly_root_fs	demo/charts/subtle-impact/values.yaml	Applied static remediation: readOnlyRootFilesystem
service_account_token	demo/charts/subtle-impact/values.yaml	Applied static remediation: automountServiceAccountToken
allow_privilege_escalation	demo/charts/subtle-impact/values.yaml	Applied static remediation: allowPrivilegeEscalation

Unfixed (Manual Action Required)

• run_as_user_group
• liveness_readiness_probes
• image_pull_policy
• drop_all_capabilities
• image_registry_allowlist

Related Issue

Closes #30

---

Generated by VlamGuard