feat: Phase 3 - CRUD core for Techniques, Tests and Evidence (T-014 to T-017)

- Add Pydantic schemas for Technique, Test and Evidence
- Add CRUD endpoints for Techniques (list with filters, detail, create, update, review)
- Add CRUD endpoints for Tests (create, detail, update, validate, reject)
- Add evidence upload with SHA-256 integrity and presigned download URLs
- Add MinIO/S3 storage client with bucket auto-creation on startup
- Add status_service to recalculate technique coverage from test results
- Add require_any_role RBAC dependency for multi-role authorization
- Update README with API endpoints reference and project structure

README.md

@@ -89,6 +89,38 @@ Once the backend is running, access the interactive API documentation at:
 - **Swagger UI**: http://localhost:8000/docs
 - **ReDoc**: http://localhost:8000/redoc
 
+## API Endpoints
+
+### Auth
+| Method | Route | Auth | Description |
+|--------|-------|------|-------------|
+| POST | `/api/v1/auth/login` | Public | Obtain JWT token |
+| GET | `/api/v1/auth/me` | Authenticated | Current user profile |
+
+### Techniques
+| Method | Route | Auth | Description |
+|--------|-------|------|-------------|
+| GET | `/api/v1/techniques` | Authenticated | List all (filters: `?tactic=`, `?status=`, `?review_required=`) |
+| GET | `/api/v1/techniques/{mitre_id}` | Authenticated | Detail with associated tests |
+| POST | `/api/v1/techniques` | Admin | Create technique |
+| PATCH | `/api/v1/techniques/{mitre_id}` | Admin | Update technique fields |
+| PATCH | `/api/v1/techniques/{mitre_id}/review` | Lead, Admin | Mark as reviewed |
+
+### Tests
+| Method | Route | Auth | Description |
+|--------|-------|------|-------------|
+| POST | `/api/v1/tests` | Red Tech, Admin | Create test (state=draft) |
+| GET | `/api/v1/tests/{id}` | Authenticated | Detail with evidences |
+| PATCH | `/api/v1/tests/{id}` | Creator, Admin | Update (only draft/rejected) |
+| POST | `/api/v1/tests/{id}/validate` | Lead, Admin | Validate + recalculate technique status |
+| POST | `/api/v1/tests/{id}/reject` | Lead, Admin | Reject test |
+
+### Evidence
+| Method | Route | Auth | Description |
+|--------|-------|------|-------------|
+| POST | `/api/v1/tests/{test_id}/evidence` | Authenticated | Upload evidence file (SHA-256 verified) |
+| GET | `/api/v1/evidence/{id}` | Authenticated | Get metadata + presigned download URL |
+
 ## Project Structure
 
 ```
@@ -117,14 +149,22 @@ Aegis/
 │       │   ├── intel.py        # Threat intelligence items
 │       │   ├── audit.py        # Audit logging
 │       │   └── enums.py        # Shared enumerations
+│       ├── storage.py          # MinIO/S3 client (upload, presigned URLs)
 │       ├── schemas/            # Pydantic request/response schemas
-│       │   └── auth.py         # LoginRequest, TokenResponse, UserOut
+│       │   ├── auth.py         # LoginRequest, TokenResponse, UserOut
+│       │   ├── technique.py    # TechniqueCreate/Update/Out/Summary
+│       │   ├── test.py         # TestCreate/Update/Out/Validate
+│       │   └── evidence.py     # EvidenceOut
 │       ├── routers/            # API endpoint routers
-│       │   └── auth.py         # POST /auth/login, GET /auth/me
+│       │   ├── auth.py         # POST /auth/login, GET /auth/me
+│       │   ├── techniques.py   # CRUD techniques (list, detail, create, update, review)
+│       │   ├── tests.py        # CRUD tests (create, detail, update, validate, reject)
+│       │   └── evidence.py     # Upload evidence, presigned download
 │       ├── dependencies/       # FastAPI dependencies (DI)
-│       │   └── auth.py         # get_current_user, require_role (RBAC)
+│       │   └── auth.py         # get_current_user, require_role, require_any_role
 │       └── services/           # Business logic services
-│           └── audit_service.py
+│           ├── audit_service.py
+│           └── status_service.py  # Recalculate technique status from tests
 └── frontend/                   # React frontend (coming soon)
 ```