feat(compliance): executive descriptions and mapping rationale for all 5 frameworks

Backend: expose description in control status response, add rich business-language
descriptions to all curated controls (ISO 27001, ISO 42001, CIS v8, DORA) explaining
requirements and ATT&CK mapping rationale. ISO 42001 includes infrastructure-mapping note.

Frontend: description field in type, info panel in ControlsTable expanded rows,
framework info banner with description and official standard link in CompliancePage.

frontend/src/api/compliance.ts

@@ -22,6 +22,7 @@ export interface ComplianceTechniqueInfo {
 export interface ComplianceControlStatus {
   control_id: string;
   title: string;
+  description: string | null;
   category: string | null;
   status: "covered" | "partially_covered" | "not_covered" | "not_evaluated";
   score: number;