feat: add policy library with 29 German policy templates

Add 29 new document types (IT security, data, personnel, vendor, BCM
policies) to VALID_DOCUMENT_TYPES and 5 category pills to the document
generator UI. Include seed script for production DB population.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

admin-compliance/app/sdk/document-generator/page.tsx

@@ -32,19 +32,26 @@ import {
 
 const CATEGORIES: { key: string; label: string; types: string[] | null }[] = [
   { key: 'all', label: 'Alle', types: null },
+  // Legal / Vertragsvorlagen
   { key: 'privacy_policy', label: 'Datenschutz', types: ['privacy_policy'] },
   { key: 'terms', label: 'AGB', types: ['terms_of_service', 'agb', 'clause'] },
   { key: 'impressum', label: 'Impressum', types: ['impressum'] },
   { key: 'dpa', label: 'AVV/DPA', types: ['dpa'] },
   { key: 'nda', label: 'NDA', types: ['nda'] },
   { key: 'sla', label: 'SLA', types: ['sla'] },
-  { key: 'acceptable_use', label: 'AUP', types: ['acceptable_use'] },
   { key: 'widerruf', label: 'Widerruf', types: ['widerruf'] },
   { key: 'cookie', label: 'Cookie', types: ['cookie_policy', 'cookie_banner'] },
   { key: 'cloud', label: 'Cloud', types: ['cloud_service_agreement'] },
   { key: 'misc', label: 'Weitere', types: ['community_guidelines', 'copyright_policy', 'data_usage_clause'] },
   { key: 'dsfa', label: 'DSFA', types: ['dsfa'] },
+  // Sicherheitskonzepte (Migration 051)
   { key: 'security', label: 'Sicherheitskonzepte', types: ['it_security_concept', 'data_protection_concept', 'backup_recovery_concept', 'logging_concept', 'incident_response_plan', 'access_control_concept', 'risk_management_concept'] },
+  // Policy-Bibliothek (Migration 054)
+  { key: 'it_security_policies', label: 'IT-Sicherheit Policies', types: ['information_security_policy', 'access_control_policy', 'password_policy', 'encryption_policy', 'logging_policy', 'backup_policy', 'incident_response_policy', 'change_management_policy', 'patch_management_policy', 'asset_management_policy', 'cloud_security_policy', 'devsecops_policy', 'secrets_management_policy', 'vulnerability_management_policy'] },
+  { key: 'data_policies', label: 'Daten-Policies', types: ['data_protection_policy', 'data_classification_policy', 'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy'] },
+  { key: 'hr_policies', label: 'Personal-Policies', types: ['employee_security_policy', 'security_awareness_policy', 'acceptable_use', 'remote_work_policy', 'offboarding_policy'] },
+  { key: 'vendor_policies', label: 'Lieferanten-Policies', types: ['vendor_risk_management_policy', 'third_party_security_policy', 'supplier_security_policy'] },
+  { key: 'bcm_policies', label: 'BCM/Notfall', types: ['business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy'] },
 ]
 
 // =============================================================================