chore: remove Gemara display content from mock OCI registry

[sonupreetam]

Summary

Closes #477

• Removes all Gemara content from cmd/mock-oci-registry/ except the minimal test-branch-protection-catalog.yaml and test-branch-protection-policy.yaml used by integration tests
• Removes the enrichment endpoint (/v1/enrich) and all enrichment types/mappings from main.go
• Removes all inline YAML seeds (nist-800-53-r5, cis-benchmark, osps-b, guidance/nist) and file-based seeds (ampel-branch-protection, cis-fedora-l1-workstation)
• Updates integration_test.sh to use policies/test-branch-protection instead of the removed nist-800-53-r5, installing the test provider as complyctl-provider-ampel to match the policy's executor ID
• Updates root complytime.yaml to reference the retained test-branch-protection policy

Result: main.go shrinks from ~670 to ~255 lines. Total -4,750 lines removed.

Files deleted (5)

File	Size	Content
ampel-branch-protection-catalog.yaml	2.6 KB	Ampel branch protection catalog
ampel-branch-protection-policy.yaml	2.0 KB	Ampel branch protection policy
cis-fedora-l1-workstation-catalog.yaml	68.8 KB	CIS Fedora workstation catalog
cis-fedora-l1-workstation-policy.yaml	68.0 KB	CIS Fedora workstation policy
sample-complytime.yaml	199 B	Unused example workspace config

Files retained (2)

File	Purpose
test-branch-protection-catalog.yaml	Minimal catalog for integration tests
test-branch-protection-policy.yaml	Minimal policy for integration tests (Ampel provider)

Impact

• make test-integration: Updated — now uses policies/test-branch-protection with the test provider installed as complyctl-provider-ampel to match the policy executor
• make test-cross-repo: Unaffected — already uses policies/test-branch-protection
• make test-e2e / make test-behavioral: Unaffected — use separate in-process mocks
• org-infra reusable_compliance.yml: References policies/ampel-branch-protection — needs updating separately to use Quay.io release or test-branch-protection

Spec workflow exemption

This change was not preceded by an OpenSpec or Speckit spec workflow. Rationale:

• Purely subtractive: removes dead code and unused test data; no new features, APIs, or behavior introduced
• Well-defined scope: driven by issue Remove Complyctl mock used to display Gemara content #477, which fully describes the intent ("Remove Complyctl mock used to display Gemara content")
• No design decisions: the "what to keep" (test-branch-protection fixtures) was already established by existing cross-repo integration tests

Per AGENTS.md, spec workflows are required for non-trivial changes. While the line count is large, the change is mechanical deletion with minimal logic changes. Future cleanups of comparable scope should consider a lightweight OpenSpec proposal to formalize the rationale upfront.

Test plan

• go build ./cmd/mock-oci-registry/ compiles clean
• go vet ./cmd/mock-oci-registry/ passes
• make test-integration passes with updated policy and provider name
• make test-cross-repo passes (retained content, no changes)

[github-actions]

✅ CRAP Load Analysis: PASS

Summary

Metric	Value
Functions analysed	14
Avg complexity	2.7
Avg line coverage	0%
Avg CRAP score	12.9
CRAPload (>= 15)	3
Avg contract coverage	0%
Avg GazeCRAP score	0
GazeCRAPload (>= 15)	0
Regressions	0
Improvements	0
New functions	0

View full analysis logs

[marcusburghardt]

Review Summary

Solid cleanup PR — removes ~4,750 lines of mock Gemara content as intended by #477. Two actionable findings:

1. CI linter failure (gosec G706): The //nolint:gosec directive was dropped when the log message was renamed. Trivial fix.
2. complytime.yaml still points at localhost mock: Should reference quay.io/complytime/policies-ampel-branch-protection now that the mock content is being removed in favor of quay.io releases.

This review was generated by /review-pr (AI-assisted).

[sonupreetam]

@marcusburghardt Thank you I have taken care of the feedbacks.

[marcusburghardt]

@sonupreetam , there is a conflict. We need to rebase in order to solve it.