feat(rules): add 8 new cost rules COST-020–COST-027 (RDS old-gen, Lam…

[jkondrat]

…bda memory, API GW REST, SQS retention, RDS multi-AZ non-prod, ECS no CPU, multiple NAT GWs, missing VPC endpoints); fix COST-015

| ID | Name | Mechanism | Why included |
| COST-020 | RDS Old Generation Instance | `RegexRule` | db.t2/m3/m4/r3/r4 — identical pattern to COST-001, high savings |
| COST-021 | Lambda Over-Provisioned Memory | `RegexRule` | `memory_size ≥ 3008` (old max, common cargo-cult) |
| COST-022 | API Gateway REST vs HTTP API | `RegexRule` | 3.5× price difference, trivially detectable |
| COST-023 | SQS Max Message Retention | `RegexRule` | `1209600` s = 14-day max; signals neglect on high-volume queues |
| COST-024 | RDS Multi-AZ in Non-Prod | `RdsMultiAzNonProdRule` | Block-level: fires only when resource name contains dev/staging/test/qa |
| COST-025 | ECS Task Without CPU/Memory | `EcsNoCpuMemoryRule` | Block-level: fires when `cpu =` is absent from the task definition block |
| COST-026 | Multiple NAT Gateways | `MultipleNatGatewayRule` | Counts `aws_nat_gateway` resources in a file; >1 is flagged |
| COST-027 | Missing VPC Endpoints (S3/DynamoDB) | `CompoundInverseRule` | Directory-level: NAT-GW + S3/Dynamo present but no `aws_vpc_endpoint` |