Enable STIR/SHAKEN card in compliance checker with originate/terminate toggle

- Uncomment STIR/SHAKEN check in fcc-lookup.ts — shows self-reported
  implementation status from RMD filing
- Add toggle: "Do you originate calls or only terminate?"
  - Terminate only → green, signing cert not required, file RMD as
    partial implementation
  - Originate or both → red, must have own STI certificate as of
    June 2025
- Toggle integrates with pending-question system (CTA waits for answer)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

api/src/routes/fcc-lookup.ts

@@ -367,18 +367,16 @@ router.get("/api/v1/fcc/lookup", async (req, res) => {
       ssDetail = "Cannot determine — no RMD filing found for this FRN. Verify STIR/SHAKEN status directly.";
     }
 
-    // STIR/SHAKEN hidden until STI-PA API access is operational.
-    // The check runs internally (ssStatus/ssDetail computed above) but
-    // is not exposed to the customer-facing compliance dashboard.
-    // Uncomment when iConectiv IP whitelist is approved.
-    // checks.push({
-    //   id: "stir_shaken",
-    //   label: "STIR/SHAKEN Compliance",
-    //   status: ssStatus,
-    //   detail: ssDetail,
-    //   action_url: null,
-    //   due_date: null,
-    // });
+    // STIR/SHAKEN — show based on RMD self-reported implementation status.
+    // Note: this is NOT verified against the STI-PA certificate authority.
+    checks.push({
+      id: "stir_shaken",
+      label: "STIR/SHAKEN Call Authentication",
+      status: ssStatus,
+      detail: ssDetail,
+      action_url: null,
+      due_date: null,
+    });
 
     // 4. CPNI Annual Certification
     //