feat(compliance): add ISO/IEC 27001:2022 and ISO/IEC 42001:2023 frameworks

ISO 27001:2022: 37 Annex A controls across 4 themes (Organizational,
People, Physical, Technological) mapped to MITRE ATT&CK techniques.

ISO 42001:2023: 25 Annex A controls for AI Management Systems mapped to
relevant ATT&CK techniques covering AI supply chain, data pipeline
integrity, model serving security, and third-party AI risk.

Backend: import functions, _import_curated_framework() shared helper,
and POST /compliance/import/iso-27001 + iso-42001 endpoints.
Frontend: API client functions + import buttons in CompliancePage.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/compliance.py

@@ -23,6 +23,8 @@ from app.services.compliance_import_service import (
     import_nist_800_53_mappings,
     import_cis_controls_v8_mappings,
     import_dora_mappings,
+    import_iso_27001_mappings,
+    import_iso_42001_mappings,
 )
 
 router = APIRouter(prefix="/compliance", tags=["compliance"])
@@ -130,3 +132,23 @@ def import_dora(
     """Import DORA (EU 2022/2554) compliance mappings (admin only)."""
     result = import_dora_mappings(db)
     return result
+
+
+@router.post("/import/iso-27001")
+def import_iso27001(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(require_role("admin")),
+):
+    """Import ISO/IEC 27001:2022 Annex A compliance mappings (admin only)."""
+    result = import_iso_27001_mappings(db)
+    return result
+
+
+@router.post("/import/iso-42001")
+def import_iso42001(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(require_role("admin")),
+):
+    """Import ISO/IEC 42001:2023 AI Management System compliance mappings (admin only)."""
+    result = import_iso_42001_mappings(db)
+    return result