Incorrect / Inconsistent Risk References in Spec

[Sven-NOM]

Incorrect risk ID links and mismatched references across requirements

Description
Multiple requirements in spec-update-draft.html reference incorrect or mismatched risk IDs. In several places, the visible risk label does not match the linked anchor, or the same risk is duplicated unintentionally.

Affected sections & examples

• as for DOW16 they are not only duplicated, but also both references DOW18
• In req-maintain-records: DOW16 is listed twice. Furthermore, the text says DOW16 but it links to #risk-dow-18 (which is HCK4 in the risk table).
• In req-maintain-records: GIR2. The text says GIR2 but links to GIR25
• In req-check-vulnerabilities: SLS6. Text says SLS6 but links to #risk-sls-16
• In sec-mit-protect-against-malware: [GIR15] is repeated 5 times in the risk list.
• In req-code-testing: [GIR21] is listed twice.
• In req-enable-rollback: FIN, FIN, FIN. The text labels are missing the numbers (just says "FIN"), making them indistinguishable in the text.

Expected outcome / acceptance criteria
All risk references:
• Appear only once unless intentional.
• Have matching visible labels and anchor links.
• Correctly map to the intended entry in the risk table.
• No requirement references a different risk ID than the one shown in the text.

[Sven-NOM]

Risk reference fixes (issues #130 and #134)

• Fixed label/link mismatches (DOW16→DOW18, GIR2→GIR25, FIN7→FIN6, etc.)
• Removed duplicate risk entries (GIR15 x5, GIR21 x2, SLS3 x2, FIN1 x2)
• Added missing numbers to FIN labels
• Removed obsolete SLS16 reference