Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/__Libraries/StellaOps.Cryptography/CryptoProviderRegistry.cs

@@ -64,10 +64,12 @@ public sealed class CryptoProviderRegistry : ICryptoProviderRegistry
         {
             if (provider.Supports(capability, algorithmId))
             {
+                CryptoProviderMetrics.RecordProviderResolution(provider.Name, capability, algorithmId);
                 return provider;
             }
         }
 
+        CryptoProviderMetrics.RecordProviderResolutionFailure(capability, algorithmId);
         throw new InvalidOperationException(
             $"No crypto provider is registered for capability '{capability}' and algorithm '{algorithmId}'.");
     }
@@ -88,11 +90,13 @@ public sealed class CryptoProviderRegistry : ICryptoProviderRegistry
             }
 
             var signer = hinted.GetSigner(algorithmId, keyReference);
+            CryptoProviderMetrics.RecordProviderResolution(hinted.Name, capability, algorithmId);
             return new CryptoSignerResolution(signer, hinted.Name);
         }
 
         var provider = ResolveOrThrow(capability, algorithmId);
         var resolved = provider.GetSigner(algorithmId, keyReference);
+        CryptoProviderMetrics.RecordProviderResolution(provider.Name, capability, algorithmId);
         return new CryptoSignerResolution(resolved, provider.Name);
     }