Revisit Control Objectives to separate from assessment criteria

[evankanderson]

From the 2025-11-25 meeting:

@eddie-knight would like control objectives to focus more on objectives and less on defining requirements. Example:

"Ensure that there is no MITM modification of assets distributed by the project" (proposed)

vs

"All official project URIs MUST be delivered using encrypted channels" (current)

[eddie-knight]

Thanks for tracking this for me! I'll work to re-draft all of the objective statements before the end of the month.