While currently trying to implement Test 6.1.11 for kotlin-csaf (csaf-sbom/kotlin-csaf#81), I was wondering whether it would make sense to store a canonical version of the CWE database here in this repo. Most (if not all) CSAF implementations already make use of this repository for the test files, and currently each library has to update the CWE list on its own, with possibly different mechanisms. Furthermore, if I read #660 correctly, we even need to consider different versions of the CWE database (which quite frankly is quite a burden on library developers) for CSAF 2.1 (although it seems optional).
At least having these files here in this repo with a clear versioning scheme would make the life of library developers MUCH easier and ease further adoption of the CSAF standard in more ecosystems.
A better option would be to have these files somewhere pulled from https://github.com/CWE-CAPEC, but unfortunately, they are not available there in a good format.