Centralize product requirements to simplify ticking off the architecture discussions against the need they will fulfill

The following discussion from !12117 (merged) should be addressed.

In essence, we have a variety of locations in which product requirements are being discussed and described, but to ensure we've accounted for as much as possible, it would be ideal to try to break these needs down into a checklist or table that we can then use to explain how the chosen or planned architecture will fulfill that need.

Table is WIP.

Source gitlab-org&3430

| Requirement | How the architecture will fulfill this requirement |
| --- | --- |
| Release attestation | 🟢 Enabling users to export their vulnerability report for a given branch/tag/etc. |
| Reporting on Developer Behavior<br>1. What vulns 'never' get merged<br>2. What branches are more vulnerable than not | 🔴 Clarification needed. Do we mean vulns that are never merged because they're always caught, or something else?<br>🟢 We can aggregate statistics about vulnerabilities per branch to provide this information. |
| Improve vulnerability history for developers | 🟢 By tracking vulnerabilities in branches before they're merged, we should theoretically be able to improve the historical tracking of vulnerabilities for developers to better understand when that vulnerability entered the codebase. |
| Improve security policies (for new and old vulns) | 🔴 Clarification needed. How do we want tracking vulnerabilities across multiple branches to improve security policies? |
| Secure Dev, QA, and Prod | 🟢 Having knowledge of the vulnerability estate across multiple critical branches should help quite a bit in this regard. |