Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs/Configuration/CccsOptions.cs

@@ -125,11 +125,16 @@ public sealed class CccsFeedEndpoint
             throw new InvalidOperationException("Feed endpoint URI must be configured before building taxonomy URI.");
         }
 
-        var language = Uri.GetQueryParameterValueOrDefault("lang", Language);
-        var builder = $"https://www.cyber.gc.ca/api/cccs/taxonomy/v1/get?lang={language}&vocabulary=cccs_alert_type";
-        return new Uri(builder, UriKind.Absolute);
-    }
-}
+        var language = Uri.GetQueryParameterValueOrDefault("lang", Language);
+        var taxonomyBuilder = new UriBuilder(Uri)
+        {
+            Path = "/api/cccs/taxonomy/v1/get",
+            Query = $"lang={language}&vocabulary=cccs_alert_type"
+        };
+
+        return taxonomyBuilder.Uri;
+    }
+}
 
 internal static class CccsUriExtensions
 {