Add receipt input JSON and SHA256 hash for CVSS policy scoring tests

- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring.
- Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.

bench/reachability-benchmark/cases/c/memcpy-overflow/outputs/sbom.cdx.json

@@ -0,0 +1,14 @@
+{
+  "bomFormat": "CycloneDX",
+  "components": [],
+  "metadata": {
+    "component": {
+      "name": "memcpy-overflow",
+      "type": "application",
+      "version": "1.0.0"
+    },
+    "timestamp": "1970-01-01T00:00:00Z"
+  },
+  "specVersion": "1.5",
+  "version": 1
+}