docs: clarify Compliance Hub prerequisites and security role requirements

[denise-msft]

Summary

Fixes #633

This is a documentation gap, not a bug. The issue reports that the Compliance Hub is accessible to users with the CSK - Administrator role, while the docs only mention \System Administrator role in the target environment\ under prerequisites — making it unclear whether System Admin is required for ongoing use.

Root Cause

After reviewing the solution's security role definitions in SECURITY_ROLES.md:

• CSK - Administrator has full Organization-level access to all compliance tables (Compliance Case, Agent Fact Row Counts, Threshold Config, Action Policy)
• CSK - Maker has no access to any compliance tables
• There is no separate Compliance Hub security role — access is governed entirely by the CSK roles

The behavior reported in #633 (CSK - Administrator can access the Compliance Hub) is correct and expected. The System Administrator role is only required for initial installation and setup of the solution, not for day-to-day Compliance Hub operations.

Changes

• Split the prerequisites permissions section into setup vs ongoing use to clarify when System Admin is needed vs when CSK - Administrator suffices
• Added a cross-reference to SECURITY_ROLES.md for full role details
• Clarified in the Administrator persona section that CSK - Administrator grants org-level compliance table access
• Clarified in the Maker persona section that CSK - Maker does not have compliance table access