
Add compliance documentation for code review enforcement #2

Open

victorgetz wants to merge 1 commit into main from docs/compliance-documentation

Conversation

@victorgetz (Member)

Summary

  • Adds a Compliance: Code Change Review Enforcement section to the README
  • Maps the enforce-branch-protection workflow and workflow templates to ISO 27001:2017 controls (A.14.2.2, A.12.1.2)
  • Documents how the automated enforcement works, what evidence auditors can reference, and how workflow templates provide additional change management controls
  • Provides an evidence table linking to workflow files, run history, API endpoints, and the Vanta test

Context

The .github repo is the central enforcement mechanism for code change reviews across the org. This documentation serves as evidence for the Vanta code-review-application-config ("Application changes reviewed") test and related ISO 27001 controls.

Branch protection has also been enabled on this repo itself (1 required approval, dismiss stale reviews, admin enforcement).

Test plan

  • Verify README renders correctly on GitHub
  • Confirm relative links to workflow files and Actions tab resolve correctly

🤖 Generated with Claude Code

@victorgetz requested a review from Ninja243, March 19, 2026 13:04
@Ninja243

Looks like I need to have write access to this repo for my review to count
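The description above states the branch protection settings applied to the repo (1 required approval, dismiss stale reviews, admin enforcement), and the reply notes that an approval only counts once the reviewer has write access. The following Python is an added example and not code from this PR or from the .github repo: it evaluates a branch-protection response and a collaborator-permission response against that policy. The JSON shapes follow GitHub's REST API responses for GET /repos/{owner}/{repo}/branches/{branch}/protection and GET /repos/{owner}/{repo}/collaborators/{username}/permission; the sample data is constructed, and the permission levels assigned to the two participants are assumptions for illustration.

```python
"""Added example, not part of the PR: check branch protection and reviewer
permissions against the policy described in the PR (1 approval, dismiss
stale reviews, enforce admins). All sample data below is constructed."""

import json

# Constructed sample shaped like the branch-protection endpoint response.
SAMPLE_PROTECTION = json.loads("""
{
  "enforce_admins": {"enabled": true},
  "required_pull_request_reviews": {
    "dismiss_stale_reviews": true,
    "require_code_owner_reviews": false,
    "required_approving_review_count": 1
  }
}
""")

# Constructed samples shaped like the collaborator-permission endpoint
# response ("permission" is one of admin, write, read, none).
# The levels assigned here are assumptions, not facts from the PR.
SAMPLE_PERMISSIONS = {
    "victorgetz": {"permission": "admin"},
    "Ninja243": {"permission": "read"},
}

# An approving review satisfies a required review only from these levels.
COUNTING_PERMISSIONS = {"write", "admin"}


def check_branch_protection(protection, min_approvals=1):
    """Return a list of policy violations; an empty list means compliant."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:
        findings.append("pull request reviews are not required")
    else:
        count = reviews.get("required_approving_review_count", 0)
        if count < min_approvals:
            findings.append(f"required approvals {count} < {min_approvals}")
        if not reviews.get("dismiss_stale_reviews", False):
            findings.append("stale reviews are not dismissed on new pushes")
    if not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("administrators can bypass branch protection")
    return findings


def review_counts(permission_response):
    """True if this collaborator's approval counts toward required reviews."""
    return permission_response.get("permission") in COUNTING_PERMISSIONS


def audit(protection, permissions):
    """Combine both checks into one report suitable for an evidence export."""
    return {
        "protection_findings": check_branch_protection(protection),
        "reviewers_whose_approval_counts": sorted(
            user for user, perm in permissions.items() if review_counts(perm)
        ),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PROTECTION, SAMPLE_PERMISSIONS), indent=2))
```

To run this against a real repository, fetch the two responses with the GitHub CLI (`gh api repos/OWNER/REPO/branches/main/protection` and `gh api repos/OWNER/REPO/collaborators/USER/permission`) and pass the parsed JSON to `audit`; the `protection_findings` list should be empty and every requested reviewer should appear in `reviewers_whose_approval_counts`.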
