docs(plugin): add manual validation guidance for security policy compliance (SANS-FW-011)

[unclesp1d3r]

Summary

SANS-FW-011 (Security Policy Compliance) always returns UNKNOWN because this is a procedural/organizational control that requires manual verification against the organization's security policy.

Suggested Manual Validation Steps

1. Obtain the organization's firewall security policy document
2. Compare current ruleset against documented policy requirements
3. Verify policy review schedule (annual minimum per SANS checklist)
4. Confirm policy change management process is followed
5. Check that policy exceptions are documented and approved

Related

• feat(plugin): report compliant controls alongside findings in blue mode reports #456 — parent compliance feature
• docs(plugin): add manual validation guidance for vulnerability testing (SANS-FW-010) #506 — vulnerability testing manual guidance (same pattern)