Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

etc/rootpack/ru/crypto.profile.yaml

@@ -0,0 +1,30 @@
+StellaOps:
+  Crypto:
+    Registry:
+      ActiveProfile: ru-offline
+      PreferredProviders:
+        - default
+      Profiles:
+        ru-offline:
+          PreferredProviders:
+            - ru.cryptopro.csp
+            - ru.pkcs11
+    CryptoPro:
+      Keys:
+        - KeyId: ru-csp-default
+          LibraryPath: /opt/cprocsp/lib/amd64/libcapi20.so
+          ContainerLabel: CN=RootPack Signing
+          CertificateThumbprint: "<thumbprint>"
+    Pkcs11:
+      Keys:
+        - KeyId: ru-token-default
+          LibraryPath: /usr/local/lib/librutokenecp.so
+          SlotId: "0x1"
+          Pin: "${PKCS11_PIN}"
+          PrivateKeyLabel: rootpack-signing
+          CertificateThumbprint: "<thumbprint>"
+    Diagnostics:
+      Providers:
+        Enabled: true
+        Metrics:
+          LogLevel: Information