aws-prevention v5.1.2 - Fixed Control Tower enabled control discovery objective matching
Mar 26, 2026 • GuardrailsMods
Bug fixes
- Control Tower enabled control discovery now correctly matches objectives via controlGlobalId static mappings. A property name mismatch (argument vs arguments) had caused all matches to silently fail.
- The requirePermissionBoundariesForPrivilegedAwsIamRoles objective now declares iam:PermissionsBoundary as a required condition, improving SCP scoring accuracy for negated condition operators.
- Event data has been synced for 15 objectives.
- Unenforced RDS cluster actions and the dead s3:CreateMultipartUpload action have been removed from example SCPs.