feat: add comprehensive smoke test suite + rename docs week folders to descriptive slugs #6

Merged: sodiq-code merged 3 commits into main from copilot/update-docs-week-file-names on Apr 19, 2026
Copilot AI commented Apr 19, 2026

Renames all docs/weekN/ folders to zero-padded descriptive slugs and introduces a self-contained 212-test smoke test suite that validates the entire portfolio without a real AWS account or running LocalStack.

Folder renames

| Before | After |
| --- | --- |
| docs/week1 | docs/01-aws-fundamentals |
| docs/week2 | docs/02-logging-and-visibility |
| docs/week3 | docs/03-terraform-fundamentals |
| docs/week4 | docs/04-devsecops-guardrails |
| docs/week5 | docs/05-secure-network-identity |
| docs/week6 | docs/06-observability-hardening |
| docs/week8 | docs/08-high-availability |
| docs/week9 | docs/09-security-automation-soar |
| docs/week10 | docs/10-dfir-forensics |
| docs/week11 | docs/11-enterprise-governance |

Broken image/path references in s3-secure-storage/README.md, governance/README.md, and docs/02-logging-and-visibility/security-visibility-readme.md updated accordingly.

Smoke test (smoke_test.py)

Single-file, zero-cloud-cost test runner. Requires only pyyaml + automation/requirements.txt (boto3, pytest, moto).

python smoke_test.py               # full suite — 212 tests in ~3s
python smoke_test.py --skip-tests  # structural checks only, no pytest
python smoke_test.py --verbose     # show pass detail

13 suites covering every project:

  • Repo structure — all project dirs, root files, CI workflow present
  • aws-foundation / s3-secure-storage / security-stack / ha-aws-architecture — Terraform resource blocks, security controls (IMDSv2, EBS encryption, KMS CMK, TLS-only policy, versioning, 4-setting public block, WAFv2 rules, multi-AZ ALB, ASG scaling policies, HTTP→HTTPS 301)
  • governance — SCP JSON files valid + correct action lists; SCPs attached at org ROOT not OU level
  • Terraform modules — all 5 modules have required files; dual-AZ subnets, scoped KMS principals, multi-region CloudTrail, GuardDuty enabled
  • SOAR automation — 7 functions + 3 custom exceptions present, dry-run/cleanup CLI flags, NACL DENY rule parameters; then executes the full pytest/moto suite (11 unit tests, no real AWS)
  • DFIR forensics — parses auth.log and asserts all four MITRE ATT&CK phases are present in correct chronological order (T1110.001 brute-force ≥10 events, T1078 breach, T1136.001 UID=0 backdoor, T1560.001 tar exfil)
  • K8s ecommerce — all 5 manifests parse as valid YAML with correct apiVersion/kind; security context hardening (non-root, read-only FS, all caps dropped, seccomp); HPA 2→10 with stabilisation windows; zero-trust NetworkPolicy; Ingress rate-limiting + security headers; email-service Dockerfile non-root + gunicorn
  • CI/CD pipeline — 4 jobs present, push+PR triggers, contents: read permissions, SARIF upload, Trivy exit-code: '1' hard gate
  • Documentation — 3 ADRs, 9 reality-check files, all 10 renamed slug folders
  • Security hygiene — cross-repo scan: no real AWS key patterns in any .tf file, IMDSv2 enforced on every aws_instance/aws_launch_template, EBS encrypted everywhere, KMS rotation on every aws_kms_key, public-access block alongside every aws_s3_bucket

@sodiq-code sodiq-code marked this pull request as ready for review April 19, 2026 10:26
@sodiq-code sodiq-code merged commit 039efc5 into main Apr 19, 2026
3 of 5 checks passed
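
The "Security hygiene" suite in the description above scans `.tf` files for key patterns and per-resource controls. The following is an added example of that kind of check, not code from this pull request or from smoke_test.py; the names `scan`, `resource_blocks` and `RULES`, and the sample Terraform, are assumptions made for illustration.

```python
import re

# Constructed sample Terraform for this example; not taken from the repository.
SAMPLE_TF = '''
resource "aws_instance" "good" {
  metadata_options { http_tokens = "required" }
  root_block_device { encrypted = true }
}
resource "aws_instance" "bad" {
  metadata_options { http_tokens = "optional" }
}
resource "aws_kms_key" "logs" {
  description = "constructed"
}
'''

BLOCK_START = re.compile(r'resource\s+"(\w+)"\s+"(\w+)"\s*\{')
ACCESS_KEY_ID = re.compile(r'\bAKIA[0-9A-Z]{16}\b')  # long-term access key ID shape
IMDSV2 = ("IMDSv2 not enforced", re.compile(r'http_tokens\s*=\s*"required"'))
# Each rule: (finding text, pattern that must appear inside the resource body).
RULES = {
    "aws_instance": [IMDSV2, ("root volume not encrypted",
                              re.compile(r'\bencrypted\s*=\s*true\b'))],
    "aws_launch_template": [IMDSV2],
    "aws_kms_key": [("key rotation not enabled",
                     re.compile(r'enable_key_rotation\s*=\s*true\b'))],
}

def resource_blocks(text):
    """Yield (type, name, body) per resource block by counting braces.
    Limitation: braces inside strings or comments are not special-cased."""
    for m in BLOCK_START.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]

def scan(text, path="<inline>"):
    """Return (path, subject, finding) tuples for one Terraform file's text."""
    findings = []
    if ACCESS_KEY_ID.search(text):
        findings.append((path, "file", "possible AWS access key ID"))
    for rtype, name, body in resource_blocks(text):
        for message, pattern in RULES.get(rtype, []):
            if not pattern.search(body):
                findings.append((path, f"{rtype}.{name}", message))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_TF):
        print(*finding, sep=": ")
```

Because each rule is a pattern that must be present, a resource that omits the setting entirely is reported the same way as one that sets it to the weak value.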