Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

ops/devops/sealed-mode-ci/authority.harness.yaml

@@ -0,0 +1,54 @@
+schemaVersion: 1
+issuer: http://authority.sealed-ci.local
+accessTokenLifetime: 00:02:00
+refreshTokenLifetime: 01:00:00
+identityTokenLifetime: 00:05:00
+authorizationCodeLifetime: 00:05:00
+deviceCodeLifetime: 00:15:00
+pluginDirectories:
+  - /app
+plugins:
+  configurationDirectory: /app/plugins
+  descriptors:
+    standard:
+      type: standard
+      assemblyName: StellaOps.Authority.Plugin.Standard
+      enabled: true
+      configFile: standard.yaml
+storage:
+  connectionString: mongodb://sealedci:sealedci@mongo:27017/authority?authSource=admin
+  databaseName: authority
+  commandTimeout: 00:00:30
+signing:
+  enabled: true
+  activeKeyId: sealed-ci
+  keyPath: /certificates/authority-signing-dev.pem
+  algorithm: ES256
+  keySource: file
+bootstrap:
+  enabled: false
+crypto:
+  providers: []
+security:
+  senderConstraints:
+    dpop:
+      enabled: true
+      proofLifetime: 00:02:00
+      replayWindow: 00:05:00
+      nonce:
+        enabled: false
+    mtls:
+      enabled: false
+airGap:
+  egress:
+    mode: Sealed
+    allowLoopback: true
+    allowPrivateNetworks: true
+    remediationDocumentationUrl: https://docs.stella-ops.org/airgap/sealed-ci
+    supportContact: airgap-ops@stella-ops.org
+tenants:
+  - name: sealed-ci
+    roles:
+      operators:
+        scopes:
+          - policy:read