merge: sync with origin/main, take upstream on conflicts

# Conflicts:
#	admin-compliance/lib/sdk/types.ts
#	admin-compliance/lib/sdk/vendor-compliance/types.ts

backend-compliance/compliance/api/legal_template_routes.py

@@ -50,6 +50,57 @@ VALID_DOCUMENT_TYPES = {
     "cookie_banner",
     "agb",
     "clause",
+    # Security document templates (Migration 051)
+    "it_security_concept",
+    "data_protection_concept",
+    "backup_recovery_concept",
+    "logging_concept",
+    "incident_response_plan",
+    "access_control_concept",
+    "risk_management_concept",
+    # Policy templates — IT Security (Migration 054)
+    "information_security_policy",
+    "access_control_policy",
+    "password_policy",
+    "encryption_policy",
+    "logging_policy",
+    "backup_policy",
+    "incident_response_policy",
+    "change_management_policy",
+    "patch_management_policy",
+    "asset_management_policy",
+    "cloud_security_policy",
+    "devsecops_policy",
+    "secrets_management_policy",
+    "vulnerability_management_policy",
+    # Policy templates — Data (Migration 054)
+    "data_protection_policy",
+    "data_classification_policy",
+    "data_retention_policy",
+    "data_transfer_policy",
+    "privacy_incident_policy",
+    # Policy templates — Personnel (Migration 054)
+    "employee_security_policy",
+    "security_awareness_policy",
+    "remote_work_policy",
+    "offboarding_policy",
+    # Policy templates — Vendor/Supply Chain (Migration 054)
+    "vendor_risk_management_policy",
+    "third_party_security_policy",
+    "supplier_security_policy",
+    # Policy templates — BCM (Migration 054)
+    "business_continuity_policy",
+    "disaster_recovery_policy",
+    "crisis_management_policy",
+    # CRA Cybersecurity (Migration 056)
+    "cybersecurity_policy",
+    # DSFA template
+    "dsfa",
+    # Module document templates (Migration 073)
+    "vvt_register",
+    "tom_documentation",
+    "loeschkonzept",
+    "pflichtenregister",
 }
 VALID_STATUSES = {"published", "draft", "archived"}