Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/__Libraries/StellaOps.Cryptography/CryptoProviderMetrics.cs

@@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using System.Diagnostics.Metrics;
+
+namespace StellaOps.Cryptography;
+
+internal static class CryptoProviderMetrics
+{
+    private static readonly Meter Meter = new("stellaops.crypto", "1.0.0");
+    private static readonly Counter<long> ProviderResolutionCounter =
+        Meter.CreateCounter<long>("crypto_provider_resolutions_total", description: "Count of successful provider resolutions.");
+
+    private static readonly Counter<long> ProviderResolutionFailureCounter =
+        Meter.CreateCounter<long>("crypto_provider_resolution_failures_total", description: "Count of failed provider resolutions.");
+
+    public static void RecordProviderResolution(string providerName, CryptoCapability capability, string algorithmId)
+    {
+        ProviderResolutionCounter.Add(1,
+            new KeyValuePair<string, object?>("provider", providerName),
+            new KeyValuePair<string, object?>("capability", capability.ToString()),
+            new KeyValuePair<string, object?>("algorithm", algorithmId));
+    }
+
+    public static void RecordProviderResolutionFailure(CryptoCapability capability, string algorithmId)
+    {
+        ProviderResolutionFailureCounter.Add(1,
+            new KeyValuePair<string, object?>("capability", capability.ToString()),
+            new KeyValuePair<string, object?>("algorithm", algorithmId));
+    }
+}
+