Add receipt input JSON and SHA256 hash for CVSS policy scoring tests

- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring.
- Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.

bench/reachability-benchmark/schemas/case.schema.yaml

@@ -11,6 +11,8 @@ required:
   - environment
   - build
   - test
+  - sandbox
+  - redaction
 properties:
   id:
     type: string
@@ -53,7 +55,7 @@ properties:
           description: Fully-qualified function/method path for the sink
         kind:
           type: string
-          enum: [http, file, crypto, process, deserialization, custom]
+          enum: [http, file, crypto, process, deserialization, custom, command, memory]
         location:
           type: object
           required: [file]
@@ -84,6 +86,14 @@ properties:
       source_date_epoch:
         type: integer
         minimum: 0
+      resource_limits:
+        type: object
+        additionalProperties: false
+        properties:
+          cpu:
+            type: string
+          memory:
+            type: string
   build:
     type: object
     required: [command, source_date_epoch]
@@ -110,6 +120,8 @@ properties:
             type: string
           traces_dir:
             type: string
+          attestation_path:
+            type: string
   test:
     type: object
     required: [command]
@@ -142,4 +154,22 @@ properties:
           type: string
       notes:
         type: string
+  sandbox:
+    type: object
+    additionalProperties: false
+    properties:
+      network:
+        type: string
+        enum: [none, loopback, local]
+      privileges:
+        type: string
+        enum: [rootless, root]
+  redaction:
+    type: object
+    additionalProperties: false
+    properties:
+      pii:
+        type: boolean
+      policy:
+        type: string
 additionalProperties: false