
feat(data): adopt mitre-technique-map.json (refs #324) #413

Open

Daren9m wants to merge 1 commit into main from feat/mitre-technique-map

feat(data): adopt mitre-technique-map.json (refs #324)#413
Daren9m wants to merge 1 commit into
mainfrom
feat/mitre-technique-map

Conversation

@Daren9m (Collaborator) commented Jun 14, 2026

Why

data/frameworks/mitre-attack.json declares the 14 ATT&CK tactics, but ATT&CK controlIds are technique IDs (T1078, T1078.001) that don't encode the tactic. A technique->tactic lookup is needed to group findings by tactic. Per #361's pattern, CheckID should own this canonically instead of each consumer reinventing it.

What

Adopts M365-Assess's controls/mitre-technique-map.json upstream:

  • data/mitre-technique-map.json - 100 technique->tactic entries (data verbatim; only $schema added).
  • data/mitre-technique-map.schema.json - draft 2020-12; technique-ID key pattern (T#### / T####.###), tactic-code enum (the 14 ATT&CK tactics), values allow a single code or an array (forward-compat with multi-tactic completeness).
  • tests/MitreTechniqueMap.Tests.ps1 - key format + every tactic code cross-checked against frameworks/mitre-attack.json scoring.tactics.
  • REFERENCES.md - canonical reference data row.

Partial coverage (transparency)

The adopted map covers ~20% (96 / 477) of the technique IDs referenced by registry.json. This matches the source: M365-Assess's copy was always partial. This PR establishes the canonical file + schema + contract; full ATT&CK-matrix coverage and the generator (scripts/Build-MitreTechniqueMap.py) remain to close #324.

Testing

  • Data validates against the schema (jsonschema).
  • 382 Pester tests pass (377 + 5 new), 0 failures.

Notes

Refs #324

Adopt M365-Assess's ATT&CK technique->tactic map as canonical CheckID data so
mitre-attack findings can be grouped by tactic (technique IDs don't encode it).
Adopted verbatim (100 entries) + CheckID schema + test.

- data/mitre-technique-map.json ($schema added; map data unchanged)
- data/mitre-technique-map.schema.json (technique-ID pattern + 14-tactic enum; values
  may be a single code or an array for future multi-tactic completeness)
- tests/MitreTechniqueMap.Tests.ps1 (key format; tactic codes cross-checked against
  frameworks/mitre-attack.json scoring.tactics)
- REFERENCES.md: canonical reference data row

Coverage is partial by design of the source: the adopted map covers ~20% (96/477)
of the technique IDs referenced by registry.json. Full ATT&CK coverage + a generator
(scripts/Build-MitreTechniqueMap.py) remain to fully close #324.

Refs #324
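The contract the PR describes (technique-ID key pattern, tactic codes restricted to the framework's own list, single-code or array values, grouping findings by tactic) worked through in stdlib Python; this is an added illustration, not the repository's test or schema file. The tactic codes, the technique entries and the finding list are constructed stand-ins: the page does not show the enum's literal values, so ATT&CK tactic IDs are assumed here.

```python
import re

# Key pattern stated in the PR: T#### or T####.### (sub-technique).
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Assumed tactic-code form (ATT&CK tactic IDs); constructed subset standing in
# for frameworks/mitre-attack.json scoring.tactics, not the repo's data.
FRAMEWORK_TACTICS = ["TA0001", "TA0004", "TA0005", "TA0006"]

# Constructed stand-in for data/mitre-technique-map.json. A value may be one
# code or a list of codes, as the schema in the PR allows.
TECHNIQUE_MAP = {
    "T1078": ["TA0001", "TA0004", "TA0005"],
    "T1078.001": ["TA0001", "TA0004", "TA0005"],
    "T1110": "TA0006",
}


def _as_list(value):
    """Normalise the single-code / array value forms to a list."""
    return value if isinstance(value, list) else [value]


def validate_map(tmap, tactics):
    """Return the list of contract violations; an empty list means the map is valid."""
    errors = []
    allowed = set(tactics)
    for key, value in tmap.items():
        if not TECHNIQUE_ID.match(key):
            errors.append(f"bad technique id: {key}")
        codes = _as_list(value)
        if not codes:
            errors.append(f"{key}: empty tactic list")
        for code in codes:
            if code not in allowed:  # cross-check against the framework's tactics
                errors.append(f"{key}: unknown tactic code {code}")
    return errors


def group_by_tactic(finding_techniques, tmap):
    """Group finding technique IDs by tactic; a multi-tactic technique lands in
    every tactic it maps to, and IDs absent from the (partial) map are kept
    visible under 'unmapped' instead of being silently dropped."""
    groups = {}
    for tid in finding_techniques:
        codes = _as_list(tmap[tid]) if tid in tmap else []
        for code in codes or ["unmapped"]:
            groups.setdefault(code, []).append(tid)
    return groups
```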
@github-actions


Content enrichment population

Overall (1106 checks): rationale 26.4% (292/1106) • impact 26.4% (292/1106) • references 26.4% (292/1106)

| Framework | n | rationale | impact | references |
|---|---|---|---|---|
| cis-controls-v8 | 1021 | 25.2% (257/1021) | 25.2% (257/1021) | 25.2% (257/1021) |
| cis-m365-v6 | 167 | 100.0% (167/167) | 100.0% (167/167) | 100.0% (167/167) |
| cisa-scuba | 52 | 100.0% (52/52) | 100.0% (52/52) | 100.0% (52/52) |
| cmmc | 1081 | 26.4% (285/1081) | 26.4% (285/1081) | 26.4% (285/1081) |
| eidsca | 21 | 100.0% (21/21) | 100.0% (21/21) | 100.0% (21/21) |
| essential-eight | 631 | 22.3% (141/631) | 22.3% (141/631) | 22.3% (141/631) |
| fedramp | 1073 | 27.2% (292/1073) | 27.2% (292/1073) | 27.2% (292/1073) |
| gdpr | 11 | 100.0% (11/11) | 100.0% (11/11) | 100.0% (11/11) |
| hipaa | 502 | 33.5% (168/502) | 33.5% (168/502) | 33.5% (168/502) |
| iso-27001 | 1021 | 26.6% (272/1021) | 26.6% (272/1021) | 26.6% (272/1021) |
| iso-27002 | 1021 | 26.6% (272/1021) | 26.6% (272/1021) | 26.6% (272/1021) |
| iso-27017 | 1013 | 26.1% (264/1013) | 26.1% (264/1013) | 26.1% (264/1013) |
| mitre-attack | 893 | 30.8% (275/893) | 30.8% (275/893) | 30.8% (275/893) |
| nis2 | 311 | 25.7% (80/311) | 25.7% (80/311) | 25.7% (80/311) |
| nist-800-171 | 1081 | 26.4% (285/1081) | 26.4% (285/1081) | 26.4% (285/1081) |
| nist-800-53 | 1073 | 27.2% (292/1073) | 27.2% (292/1073) | 27.2% (292/1073) |
| nist-csf | 827 | 31.2% (258/827) | 31.2% (258/827) | 31.2% (258/827) |
| pci-dss | 1053 | 26.4% (278/1053) | 26.4% (278/1053) | 26.4% (278/1053) |
| soc2 | 1104 | 26.4% (292/1104) | 26.4% (292/1104) | 26.4% (292/1104) |
| stig | 13 | 100.0% (13/13) | 100.0% (13/13) | 100.0% (13/13) |

Informational only — does not gate the build. The hard release-gate for Critical/High enrichment lives in #281 (v3.2.0).

@github-actions


Framework mapping count delta

| Framework | main | this PR | Δ | Δ% | Status |
|---|---|---|---|---|---|
| cis-controls-v8 | 1021 | 1021 | 0 | +0.00% | ✓ OK |
| cis-m365-v6 | 167 | 167 | 0 | +0.00% | ✓ OK |
| cisa-scuba | 52 | 52 | 0 | +0.00% | ✓ OK |
| cmmc | 1081 | 1081 | 0 | +0.00% | ✓ OK |
| eidsca | 21 | 21 | 0 | +0.00% | ✓ OK |
| essential-eight | 631 | 631 | 0 | +0.00% | ✓ OK |
| fedramp | 1073 | 1073 | 0 | +0.00% | ✓ OK |
| gdpr | 11 | 11 | 0 | +0.00% | ✓ OK |
| hipaa | 502 | 502 | 0 | +0.00% | ✓ OK |
| iso-27001 | 1021 | 1021 | 0 | +0.00% | ✓ OK |
| iso-27002 | 1021 | 1021 | 0 | +0.00% | ✓ OK |
| iso-27017 | 1013 | 1013 | 0 | +0.00% | ✓ OK |
| mitre-attack | 893 | 893 | 0 | +0.00% | ✓ OK |
| nis2 | 311 | 311 | 0 | +0.00% | ✓ OK |
| nist-800-171 | 1081 | 1081 | 0 | +0.00% | ✓ OK |
| nist-800-53 | 1073 | 1073 | 0 | +0.00% | ✓ OK |
| nist-csf | 827 | 827 | 0 | +0.00% | ✓ OK |
| pci-dss | 1053 | 1053 | 0 | +0.00% | ✓ OK |
| soc2 | 1104 | 1104 | 0 | +0.00% | ✓ OK |
| stig | 13 | 13 | 0 | +0.00% | ✓ OK |

Result: ✓ PASS — no framework mapping regressions detected.


Labels

enhancement New feature or request


Development

Successfully merging this pull request may close these issues.

enhancement: ship MITRE ATT&CK technique→tactic map
