Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/Concelier/__Tests/StellaOps.Concelier.Connector.Ics.Cisa.Tests/IcsCisa/IcsCisaConnectorMappingTests.cs

@@ -91,7 +91,7 @@ public class IcsCisaConnectorMappingTests
         Assert.Equal("ControlSuite", productPackage.Identifier);
         var range = Assert.Single(productPackage.VersionRanges);
         Assert.Equal("product", range.RangeKind);
-        Assert.Equal("4.2.0", range.RangeExpression);
+        Assert.Equal("4.2", range.RangeExpression);
         Assert.NotNull(range.Primitives);
         Assert.Equal("Example Corp", range.Primitives!.VendorExtensions!["ics.vendors"]);
         Assert.Equal("ControlSuite", range.Primitives.VendorExtensions!["ics.product"]);
@@ -129,7 +129,7 @@ public class IcsCisaConnectorMappingTests
         var productPackage = Assert.Single(packages);
         Assert.Equal("Control Suite Firmware", productPackage.Identifier);
         var range = Assert.Single(productPackage.VersionRanges);
-        Assert.Equal("1.0.0 - 2.0.0", range.RangeExpression);
+        Assert.Equal("1.0 - 2.0", range.RangeExpression);
         Assert.NotNull(range.Primitives);
         Assert.Equal("ics-cisa:ICSA-25-789-03:control-suite-firmware", range.Provenance.Value);
         var rule = Assert.Single(productPackage.NormalizedVersions);