feat(security): add project threat self-assessment (cloudnative-pg#10304)

Introduce a Gemara-compatible threat assessment in
`.github/threat-assessment.yaml`. This document maps CloudNativePG
capabilities and threats to the FINOS Common Cloud Controls (CCC) Core
v2025.10.

Updated `SECURITY-INSIGHTS.yml` to reference the new assessment.

Assisted-by: Claude

Closes cloudnative-pg#10059

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
(cherry picked from commit 675e55f)

Author: gbartolini