scaffold: 4 new module dirs (sudo_samedit, sequoia, sudoedit_editor, vmwgfx)

Stubs returning PRECOND_FAIL. Parallel agents fill in real detect/exploit.

modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.c

@@ -0,0 +1,20 @@
+/* sudoedit_editor_cve_2023_22809 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sudoedit_editor_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sudoedit_editor_module = {
+    .name = "sudoedit_editor",
+    .cve = "CVE-2023-22809",
+    .summary = "sudoedit EDITOR/VISUAL `--` argv escape → arbitrary file write as root — stub pending implementation",
+    .family = "sudo",
+    .kernel_range = "sudo 1.8.0 ≤ V < 1.9.12p2 (userspace)",
+    .detect = sudoedit_editor_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void skeletonkey_register_sudoedit_editor(void) { skeletonkey_register(&sudoedit_editor_module); }

modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.h

@@ -0,0 +1,5 @@
+#ifndef SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
+#define SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sudoedit_editor_module;
+#endif