feat: add quantum threat timeline estimator

[leoneperdigao]

Description

Implement a timeline estimation module based on Mosca's inequality and configurable quantum threat scenarios. This module answers the critical question: "When do we need to start migrating?" by comparing migration timelines against projected quantum computing capabilities.

Tasks

• Implement Mosca's inequality: migration_time + data_shelf_life > quantum_threat_timeline -> system is at risk
  • Input: estimated migration time per component
  • Input: data shelf life (how long data must remain confidential)
  • Input: quantum threat timeline (when a CRQC becomes available)
• Support configurable quantum threat timeline scenarios:
  • Optimistic: CRQC available sooner (e.g., 2030-2033)
  • Moderate: CRQC available mid-range (e.g., 2033-2038)
  • Pessimistic: CRQC available later (e.g., 2038-2045)
  • Custom scenario support
• Factor in organization's migration capacity and complexity:
  • Number of systems to migrate
  • Dependency chains between systems
  • Available security engineering resources
  • Testing and validation requirements
• Generate urgency classification per component:
  • Immediate: already at risk or within 2 years
  • Near-term: at risk within 2-5 years
  • Long-term: at risk within 5-10 years
  • Low priority: not at risk within 10 years
• Generate visual timeline showing when each component becomes at-risk under each scenario

References

• Michele Mosca, "Cybersecurity in an Era with Quantum Computers" (2018)
• Global Risk Institute Quantum Threat Timeline reports
• Depends on: assessment engine (feat: implement quantum vulnerability assessment engine #4)