fix(iace): remove EN ISO 13849-1 risk-graph reproduction; own risk model

IP/copyright fix: ComputePLr reproduced the EN ISO 13849-1 Anhang A risk-graph
decision table (S/F/P -> PLr a..e) and SeverityToS/ExposureToF its parameter
binning, emitted into every hazard description. Removed — we may not reproduce
DIN/Beuth norm logic.

Replaced with BreakPilot's OWN risk model:
- risk_estimation.go: probability (W) + avoidance (P) estimated from public,
  permissively-licensed accident statistics (Eurostat ESAW, CC BY 4.0) by
  contact mode, calibrated to our ground-truth corpus; own risk index + bands.
- iace_handler_init.go now emits "Risikoeinschaetzung (BreakPilot-Modell):
  S F W P -> Risiko: <level>" instead of the norm PLr string.
- DATA_SOURCES.md: data provenance + license register (ESAW CC BY 4.0; BLS/OSHA
  public domain; HSE OGL; DGUV + DIN/Beuth explicitly excluded).
- gt_risk_benchmark_test.go: first GT validation of risk numbers — W within +-1
  99%, P 93% vs the professional across both ground truths.

Removed risk_graph_test.go (pinned the reproduced norm table).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

ai-compliance-sdk/internal/api/handlers/iace_handler_init.go

@@ -219,26 +219,20 @@ func (h *IACEHandler) InitializeProject(c *gin.Context) {
 				// scenario itself. Only the aggregated norm-references
 				// block is appended below for an at-a-glance audit trail.
 				desc := mp.ScenarioDE
-				// Phase 17: PLr per EN ISO 13849-1 Anhang A. The graph
-				// inputs come from the pattern's DefaultSeverity/Exposure
-				// (mapped to S1/S2 and F1/F2 at threshold 3) plus
-				// DefaultAvoidability (P1/P2). If avoidability is unset
-				// we default to P1 — the conservative direction is
-				// downward (lower PLr), the operator can raise it
-				// manually after expert review.
-				avoid := 1
-				if mp.DefaultAvoidability == 2 {
-					avoid = 2
-				}
+				// BreakPilot's OWN risk model (NOT a norm reproduction):
+				// severity + frequency from the pattern defaults; probability
+				// (W) and avoidance (P) from public accident-statistics anchors
+				// (see iace/risk_estimation.go + DATA_SOURCES.md). No EN ISO
+				// 13849-1 risk-graph table or parameter binning is reproduced.
 				if mp.DefaultSeverity > 0 && mp.DefaultExposure > 0 {
-					sBin := iace.SeverityToS(mp.DefaultSeverity)
-					fBin := iace.ExposureToF(mp.DefaultExposure)
-					plr := iace.ComputePLr(sBin, fBin, avoid)
-					desc += fmt.Sprintf("\n\nRisikograph EN ISO 13849-1 (Anhang A): S%d · F%d · P%d → PLr %s",
-						sBin, fBin, avoid, plr)
+					w := iace.EstimateProbabilityW(mp.HazardCats, mp.ScenarioDE)
+					p := iace.EstimateAvoidabilityP(mp.HazardCats, mp.ScenarioDE)
+					_, level := iace.EstimateRiskLevel(mp.DefaultSeverity, mp.DefaultExposure, w, p)
+					desc += fmt.Sprintf("\n\nRisikoeinschaetzung (BreakPilot-Modell): S%d · F%d · W%d · P%d → Risiko: %s",
+						mp.DefaultSeverity, mp.DefaultExposure, w, p, level)
 				}
 				if mp.ISO12100Section != "" {
-					desc += "\n\nKlassifikation: EN ISO 12100 Anhang B, Abschnitt " + mp.ISO12100Section
+					desc += "\n\nKlassifikation: EN ISO 12100 Abschnitt " + mp.ISO12100Section
 				}
 
 				hz, cerr := h.store.CreateHazard(ctx, iace.CreateHazardRequest{