
Improvements to security evidence for runtime components

Open stefanobaghino-da opened this issue 3 years ago • 0 comments

The following improvements have been deemed necessary to improve our current security evidencing effort:

  • provide a document for each component that establishes the threat model under which the security evidencing is conducted
  • make the information available together with the one provided by the Canton and Ledgers team as a CSV file bundled with every release, to which the documentation points
  • make a best effort to re-categorize annotated tests under the following categories:
    • Authentication
    • Authorization
    • Confidentiality
    • Integrity
    • Availability
    • Non-Repudiation
    • Resilience
  • present the information clearly grouping the components for which the evidence of testing is presented (i.e. it should be clear whether the test is about the Daml Engine, or the HTTP JSON API Service, or whatever else).

This ticket can be subdivided into smaller ones to more easily divide tasks within the team, but I would recommend keeping track of those here for ease of reference.

stefanobaghino-da, Jun 23 '22 08:06