chore(actions): add pr-check-compliance-mapping action

[pedrooot]

Description

• Adds a new GitHub Action (pr-check-compliance-mapping.yml) that detects when a PR introduces new checks and verifies whether they have been mapped to compliance framework requirements within the same PR
• Posts an informational PR comment listing unmapped and mapped checks, and adds a needs-compliance-review label when new checks are not referenced in any modified compliance JSON
• Can be skipped with the no-compliance-check label

Why

When a new check is added to Prowler, it should be evaluated for inclusion in one or more compliance framework requirements (e.g., CIS, ISO 27001, MITRE ATT&CK). Each compliance JSON in prowler/compliance/<provider>/ contains a Checks array per requirement that maps checks to framework controls. Without an automated reminder, new checks can be merged without compliance mappings, leaving frameworks incomplete.

How it works

1. Detects newly added .metadata.json files under prowler/providers/**/services/**/ (indicates a new check)
2. Extracts the CheckID from each metadata file and the provider from the file path
3. Scans compliance JSON files modified in the same PR for references to the new check ID
4. Posts an idempotent PR comment with the results and manages the needs-compliance-review label accordingly

This action is non-blocking — it alerts but does not prevent merging.

Steps to review

Please add a detailed description of how to review this PR.

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes / No
  • If so, do we need to update permissions for the provider? Please review this carefully.

UI

• All issue/task requirements work as expected on the UI
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[danibarranqueroo]

🚀