Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/__Libraries/StellaOps.Cryptography.Plugin.Pkcs11Gost/Pkcs11GostProviderOptions.cs

@@ -0,0 +1,27 @@
+using System.Collections.Generic;
+
+namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
+
+/// <summary>
+/// Configuration surface for the PKCS#11-based GOST provider.
+/// </summary>
+public sealed class Pkcs11GostProviderOptions
+{
+    private readonly IList<Pkcs11GostKeyOptions> keys = new List<Pkcs11GostKeyOptions>();
+
+    /// <summary>
+    /// Key descriptors managed by the provider.
+    /// </summary>
+    public IList<Pkcs11GostKeyOptions> Keys => keys;
+
+    public Pkcs11GostProviderOptions Clone()
+    {
+        var clone = new Pkcs11GostProviderOptions();
+        foreach (var key in keys)
+        {
+            clone.Keys.Add(key.Clone());
+        }
+
+        return clone;
+    }
+}