feat(compliance): add DORA (EU 2022/2554) framework with ATT&CK mappings

Implements the Digital Operational Resilience Act as a compliance framework
using the same pattern as CIS Controls v8 (hardcoded curated mappings,
no official STIX bundle exists for DORA).

22 controls across 5 chapters mapped to MITRE ATT&CK techniques:
  Ch. II  — ICT Risk Management (Art. 5–15): governance, identification,
            protection, detection, response, backup, threat intel
  Ch. III — Incident Management (Art. 17–19): classification, reporting
  Ch. IV  — Resilience Testing (Art. 24–27): general testing + TLPT
            (Art. 26 explicitly based on TIBER-EU/ATT&CK threat-led testing)
  Ch. V   — Third-Party Risk (Art. 28, 30, 42): supply chain, trusted rels.
  Ch. VI  — Information Sharing (Art. 45)

Technique mappings derived from ENISA DORA guidelines and TIBER-EU framework.
Import is triggered via POST /api/v1/compliance/import/dora (admin only).
Frontend: new 'DORA' button in the Compliance page import section.

frontend/src/api/compliance.ts

@@ -120,3 +120,9 @@ export async function importCisMappings(): Promise<Record<string, unknown>> {
   const { data } = await client.post("/compliance/import/cis-controls-v8");
   return data;
 }
+
+/** Import DORA (EU 2022/2554) compliance mappings (admin). */
+export async function importDoraMappings(): Promise<Record<string, unknown>> {
+  const { data } = await client.post("/compliance/import/dora");
+  return data;
+}