refactor(cra): readiness fetches Machinery-Reg obligations from use_case=maschinen

Follow-up to the machinery_reg_cyber.py removal: the readiness endpoint now pulls
Machinery Regulation 2023/1230 cyber-with-safety obligations from the shared
Controls-API (use_case=maschinen), tagged "Maschinen-VO", best-effort.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend-compliance/tests/test_cra_readiness.py

@@ -31,11 +31,14 @@ def test_no_digital_element_not_in_scope():
     assert d["counts"]["code"] == 0
 
 
-def test_machinery_adds_tagged_machinery_reg_obligations():
-    d = client.post("/api/v1/cra/readiness", json={
-        "intended_use": "App fuer Industrieanlagen", "connected_to_internet": True, "is_machinery": True}).json()
-    assert "Maschinen-VO 2023/1230" in d["regulations"]
+def test_machinery_flag_does_not_break_assessment():
+    # Machinery-Reg obligations come from the Controls-API (use_case=maschinen, DB) and
+    # are verified live, not here. Without a DB the endpoint must still return the CRA
+    # guideline (best-effort machinery fetch).
+    r = client.post("/api/v1/cra/readiness", json={
+        "intended_use": "App fuer Industrieanlagen", "connected_to_internet": True, "is_machinery": True})
+    assert r.status_code == 200
+    d = r.json()
+    assert d["in_scope"] is True
     items = d["guideline"]["code"] + d["guideline"]["process"] + d["guideline"]["document"]
-    assert any(it["source"] == "Maschinen-VO" for it in items)
-    assert any(it["req_id"] == "MR-1.1.9" for it in items)
     assert any(it["source"] == "CRA" for it in items)