Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/Policy/StellaOps.Policy.Gateway/Contracts/PolicyPackContracts.cs

@@ -1,45 +1,45 @@
-using System;
-using System.Collections.Generic;
-using System.ComponentModel.DataAnnotations;
-
-namespace StellaOps.Policy.Gateway.Contracts;
-
-public sealed record PolicyPackSummaryDto(
-    string PackId,
-    string? DisplayName,
-    DateTimeOffset CreatedAt,
-    IReadOnlyList<int> Versions);
-
-public sealed record PolicyPackDto(
-    string PackId,
-    string? DisplayName,
-    DateTimeOffset CreatedAt,
-    IReadOnlyList<PolicyRevisionDto> Revisions);
-
-public sealed record PolicyRevisionDto(
-    int Version,
-    string Status,
-    bool RequiresTwoPersonApproval,
-    DateTimeOffset CreatedAt,
-    DateTimeOffset? ActivatedAt,
-    IReadOnlyList<PolicyActivationApprovalDto> Approvals);
-
-public sealed record PolicyActivationApprovalDto(
-    string ActorId,
-    DateTimeOffset ApprovedAt,
-    string? Comment);
-
-public sealed record PolicyRevisionActivationDto(
-    string Status,
-    PolicyRevisionDto Revision);
-
-public sealed record CreatePolicyPackRequest(
-    [StringLength(200)] string? PackId,
-    [StringLength(200)] string? DisplayName);
-
-public sealed record CreatePolicyRevisionRequest(
-    int? Version,
-    bool RequiresTwoPersonApproval,
-    string InitialStatus = "Approved");
-
-public sealed record ActivatePolicyRevisionRequest(string? Comment);
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
+namespace StellaOps.Policy.Gateway.Contracts;
+
+public sealed record PolicyPackSummaryDto(
+    string PackId,
+    string? DisplayName,
+    DateTimeOffset CreatedAt,
+    IReadOnlyList<int> Versions);
+
+public sealed record PolicyPackDto(
+    string PackId,
+    string? DisplayName,
+    DateTimeOffset CreatedAt,
+    IReadOnlyList<PolicyRevisionDto> Revisions);
+
+public sealed record PolicyRevisionDto(
+    int Version,
+    string Status,
+    bool RequiresTwoPersonApproval,
+    DateTimeOffset CreatedAt,
+    DateTimeOffset? ActivatedAt,
+    IReadOnlyList<PolicyActivationApprovalDto> Approvals);
+
+public sealed record PolicyActivationApprovalDto(
+    string ActorId,
+    DateTimeOffset ApprovedAt,
+    string? Comment);
+
+public sealed record PolicyRevisionActivationDto(
+    string Status,
+    PolicyRevisionDto Revision);
+
+public sealed record CreatePolicyPackRequest(
+    [StringLength(200)] string? PackId,
+    [StringLength(200)] string? DisplayName);
+
+public sealed record CreatePolicyRevisionRequest(
+    int? Version,
+    bool? RequiresTwoPersonApproval,
+    string InitialStatus = "Approved");
+
+public sealed record ActivatePolicyRevisionRequest(string? Comment);