Commit 9e6da01
feat(ciso-report+ai-governance): 5-Year Security Roadmap Report + AI Governance Policy Report
Two major additions to the RAG Agentic Dashboard:
1. CISO 5-Year Security Roadmap — Formal Report (SEC-ROAD-RPT-001)
~4,200-word report from CISO & Lead Security Architect perspective
for mid-size FinTech moving from on-prem to cloud-native AI-agent arch.
Report Structure (XML-tagged <title>, <abstract>, <content>):
- Section 1: Executive Summary (Board, 2 paragraphs)
- Section 2: Reconciling Tiered Admin & Agent Interop (Engineering, 3 para)
- Section 3: Foundational Hardening Yr 1-2 (strategic+technical bullets, KPIs)
- Section 4: Zero Trust Integration Yr 3-4 (strategic+technical bullets, KPIs)
- Section 5: Adaptive Security Measures Yr 5 (strategic+technical bullets, KPIs)
- Cardinal Invariant: AI agents NEVER write to Tier 0
Framework Citations: NIST CSF 2.0, CISA ZT v2.0, NIST PQC FIPS 203/204,
ISO 42001, ISO 27001, SOC 2 Type II
8 new API endpoints: /api/ciso-report, /meta, /executive-summary,
/reconciliation, /foundational, /zero-trust, /adaptive, /invariant
New page: ciso-report.html
2. AI Governance Policy Report (GOV-AI-RPT-001) — all 7 sections (~8,500 words)
Sections 1-7: Executive Summary, Introduction, Comparative Jurisdictional
Analysis, Sectoral Regulations, International Cooperation, Recommendations,
Conclusion — with 9 API endpoints
Verification:
- 42+ API endpoints: all HTTP 200
- 10 HTML pages: all HTTP 200
- Console errors: 0
1 parent c879450 commit 9e6da01
2 files changed
Lines changed: 699 additions & 0 deletions