feat(backend): sprint 2 — simulations + MITRE ATT&CK

- Simulation model with full field set (redteam + SOC sides) and cascade delete
- Alembic migration 0002 for simulations table
- simulation_workflow service: PATCH RBAC field-level + auto-transition pending→in_progress + state machine
- mitre service: STIX bundle loader (boot-safe) + ranked search (exact-id > prefix-id > name)
- 7 new API endpoints: list/create/get/patch/delete simulations, transition, MITRE autocomplete
- serialize_simulation added to serializers.py
- Makefile update-mitre target with real curl + optional docker restart
- Dockerfile updated to copy backend/data/ into image
- MITRE enterprise-attack.json bundle committed (~45 MB)
- 67 new tests (total 130 passing), ruff clean, mypy introduces no new errors

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Makefile

@@ -32,8 +32,16 @@ ifndef PASS
 endif
 	docker exec $(CONTAINER) flask create-admin $(USER) $(PASS)
 
+MITRE_URL ?= https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
+
 update-mitre:
-	@echo "MITRE update: Sprint 2+"
+	@mkdir -p backend/data/mitre
+	@curl -fsSL "$(MITRE_URL)" -o backend/data/mitre/enterprise-attack.json
+	@echo "MITRE bundle updated"
+	@if docker ps --format '{{.Names}}' | grep -q "^$(CONTAINER)$$"; then \
+		echo "Restarting $(CONTAINER) to reload MITRE bundle..."; \
+		docker restart $(CONTAINER); \
+	fi
 
 test-backend:
 	docker exec $(CONTAINER) pytest -q backend/tests/