feat: IACE CE-Compliance Module — Normen, Risikobewertung, Production Lines

Major features:
- 215 norms library with section references + Beuth URLs (A/B1/B2/C norms)
- 173 hazard patterns with detail fields (scenario, trigger, harm, zone)
- Deterministic pattern matching: Component × Lifecycle × Pattern cross-product
- SIL/PL auto-calculation from S×E×P risk graph
- Risk assessment table with editable S/E/P dropdowns
- Production Line Dashboard with animated station flow (Running Dots)
- IACE process flow + norms coverage on start page
- Non-blocking cookie banner, ProcessFlow SSR fix
- 104 Playwright E2E tests passing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ai-compliance-sdk/internal/api/handlers/iace_handler_mitigations.go

@@ -14,6 +14,31 @@ import (
 // Mitigations
 // ============================================================================
 
+// ListProjectMitigations handles GET /projects/:id/mitigations
+// Returns all mitigations for all hazards in a project.
+func (h *IACEHandler) ListProjectMitigations(c *gin.Context) {
+	projectID, err := uuid.Parse(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid project ID"})
+		return
+	}
+
+	mitigations, err := h.store.ListMitigationsByProject(c.Request.Context(), projectID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	if mitigations == nil {
+		mitigations = []iace.Mitigation{}
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"mitigations": mitigations,
+		"total":       len(mitigations),
+	})
+}
+
 // CreateMitigation handles POST /projects/:id/hazards/:hid/mitigations
 // Creates a new mitigation measure for a hazard.
 func (h *IACEHandler) CreateMitigation(c *gin.Context) {
@@ -88,6 +113,23 @@ func (h *IACEHandler) UpdateMitigation(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"mitigation": mitigation})
 }
 
+// DeleteMitigation handles DELETE /projects/:id/mitigations/:mid
+// Deletes a mitigation by ID.
+func (h *IACEHandler) DeleteMitigation(c *gin.Context) {
+	mitigationID, err := uuid.Parse(c.Param("mid"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid mitigation ID"})
+		return
+	}
+
+	if err := h.store.DeleteMitigation(c.Request.Context(), mitigationID); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "mitigation deleted"})
+}
+
 // VerifyMitigation handles POST /mitigations/:mid/verify
 // Marks a mitigation as verified with a verification result.
 func (h *IACEHandler) VerifyMitigation(c *gin.Context) {