Add soc2-iso27001-controls-mapping skill#1976

Open

brs191 wants to merge 39 commits into github:staged from brs191:add-soc2-iso27001-skill
Conversation

@brs191 brs191 commented Jun 11, 2026

Pull Request Checklist

  • I have read and followed the CONTRIBUTING.md guidelines.
  • I have read and followed the Guidance for submissions involving paid services.
  • My contribution adds a new skill file in the correct directory.
  • The file follows the required naming convention.
  • The content is clearly structured and follows the example format.
  • I have tested my skill with GitHub Copilot.
  • I have run npm start and verified that README.md is up to date.
  • I am targeting the staged branch for this pull request.

Description

Adds soc2-iso27001-controls-mapping — a skill for mapping SOC 2 Trust
Services Criteria and ISO 27001 Annex A controls to a real cloud stack.

The collection has agent-security compliance checks (OWASP ASI) but nothing
covering SOC 2 / ISO 27001 audit preparation, which is the compliance work
most engineering teams actually face. This skill teaches the evidence-chain
method — every control needs a technical implementation, an evidence source,
and an auditor-readable artifact — plus a framework selector, control-mapping
walk, gap analysis, and a worked Type II readiness example.

References include per-criterion implementation hooks for all of CC1–CC9
(plus Availability, Confidentiality, Processing Integrity, Privacy), the full
ISO 27001:2022 Annex A mapping with SoA template and 2013→2022 transition
notes, and a worked Azure evidence reference with per-control KQL queries,
Defender for Cloud compliance pulls, and Terraform state queries. The core
method is stack-agnostic; AWS/GCP equivalents are noted.

Type of Contribution

  • New skill file.

Additional Notes

npm run skill:validate passes (355 skills valid). The README row was
generated via eng/update-readme.mjs, not hand-edited. No paid services
required: the skill references standard cloud-platform tooling; the Azure
evidence reference notes where features need specific Defender plans.
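The evidence-chain method and Type II gap analysis described in the PR, as an added example (not code from the PR or from the skill it adds): each control carries a technical implementation, an evidence source and an auditor-readable artifact, and the analysis flags any missing link plus stretches of the audit period with no collected evidence. The control records, their ISO 27001 Annex A mapping and the sample dates are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Control:
    control_id: str                 # SOC 2 criterion, e.g. CC6.1
    iso_annex_a: list[str]          # ISO 27001:2022 Annex A mapping (constructed sample)
    implementation: str | None      # technical control in the cloud stack
    evidence_source: str | None     # where evidence is pulled from (KQL, API, Terraform state)
    artifact: str | None            # auditor-readable artifact produced from that evidence
    samples: list[date] = field(default_factory=list)  # dates evidence was actually pulled


def gap_analysis(controls, period_start, period_end, max_gap_days=35):
    """Return {control_id: {"iso": [...], "gaps": [...]}} for every incomplete chain."""
    gaps = {}
    for c in controls:
        found = []
        if not c.implementation:
            found.append("design gap: no technical implementation")
        if not c.evidence_source:
            found.append("evidence gap: no evidence source")
        if not c.artifact:
            found.append("artifact gap: no auditor-readable artifact")
        # Type II tests operating effectiveness over the whole period, so evidence
        # must exist throughout the window, not only at a single point in time.
        in_window = sorted(d for d in c.samples if period_start <= d <= period_end)
        if c.evidence_source and not in_window:
            found.append("coverage gap: no evidence sampled within the audit period")
        elif in_window:
            checkpoints = [period_start, *in_window, period_end]
            worst = max((b - a).days for a, b in zip(checkpoints, checkpoints[1:]))
            if worst > max_gap_days:
                found.append(f"coverage gap: {worst}-day stretch without evidence")
        if found:
            gaps[c.control_id] = {"iso": c.iso_annex_a, "gaps": found}
    return gaps


SAMPLE_PERIOD = (date(2026, 1, 1), date(2026, 6, 30))  # constructed six-month Type II window
SAMPLE_CONTROLS = [  # constructed sample records, not the skill's own mapping
    Control("CC6.1", ["A.5.15"], "Conditional Access policies", "KQL over sign-in logs",
            "Quarterly access review export",
            [date(2026, m, d) for m, d in ((1, 15), (2, 14), (3, 16), (4, 15), (5, 15), (6, 15))]),
    Control("CC7.2", ["A.8.16"], "Defender for Cloud alerting", "Defender compliance pull",
            "Monthly alert triage report", [date(2026, 1, 10), date(2026, 4, 10)]),
    Control("CC8.1", ["A.8.32"], "Terraform plan review in CI", None, None),
]
```

Calling `gap_analysis(SAMPLE_CONTROLS, *SAMPLE_PERIOD)` reports CC7.2 for a 90-day stretch without evidence and CC8.1 for its missing evidence source and artifact, while CC6.1 passes.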

github-actions Bot and others added 9 commits June 10, 2026 04:34
Maps SOC 2 Trust Services Criteria and ISO 27001 Annex A controls to
cloud-stack implementations, evidence sources, and audit artifacts.
Stack-agnostic core method with a worked Azure evidence reference
(KQL queries, Defender for Cloud, Terraform state).
@brs191 brs191 requested a review from aaronpowell as a code owner June 11, 2026 14:06
@github-actions github-actions Bot added labels branched-main (PR appears to include plugin files materialized from main) and external-plugin (PR updates plugins/external.json) Jun 11, 2026