feat(compliance): add DORA (EU 2022/2554) framework with ATT&CK mappings

Implements the Digital Operational Resilience Act as a compliance framework
using the same pattern as CIS Controls v8 (hardcoded curated mappings,
no official STIX bundle exists for DORA).

22 controls across 5 chapters mapped to MITRE ATT&CK techniques:
  Ch. II  — ICT Risk Management (Art. 5–15): governance, identification,
            protection, detection, response, backup, threat intel
  Ch. III — Incident Management (Art. 17–19): classification, reporting
  Ch. IV  — Resilience Testing (Art. 24–27): general testing + TLPT
            (Art. 26 explicitly based on TIBER-EU/ATT&CK threat-led testing)
  Ch. V   — Third-Party Risk (Art. 28, 30, 42): supply chain, trusted rels.
  Ch. VI  — Information Sharing (Art. 45)

Technique mappings derived from ENISA DORA guidelines and TIBER-EU framework.
Import is triggered via POST /api/v1/compliance/import/dora (admin only).
Frontend: new 'DORA' button in the Compliance page import section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/compliance.py

@@ -22,6 +22,7 @@ from app.services.compliance_service import (
 from app.services.compliance_import_service import (
     import_nist_800_53_mappings,
     import_cis_controls_v8_mappings,
+    import_dora_mappings,
 )
 
 router = APIRouter(prefix="/compliance", tags=["compliance"])
@@ -119,3 +120,13 @@ def import_cis(
     """Import CIS Controls v8 mappings (admin only)."""
     result = import_cis_controls_v8_mappings(db)
     return result
+
+
+@router.post("/import/dora")
+def import_dora(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(require_role("admin")),
+):
+    """Import DORA (EU 2022/2554) compliance mappings (admin only)."""
+    result = import_dora_mappings(db)
+    return result