feat: add STRIDE-Q threat model integration #9

@leoneperdigao

Description

Extend the classical STRIDE threat modeling framework with quantum-specific threat categories (STRIDE-Q). This integrates quantum threats into the familiar STRIDE methodology that security teams already use, making quantum risk assessment accessible within existing threat modeling workflows.

Tasks

  • Implement STRIDE-Q threat categories:
    • Q-Spoofing: forging digital signatures broken by Shor's algorithm (RSA, ECDSA, EdDSA)
    • Q-Information Disclosure: decrypting stored/captured data using future quantum computers (harvest now, decrypt later / HNDL attack)
    • Q-Tampering: breaking integrity mechanisms (HMAC with weak keys, digital signatures) to modify data undetected
    • Q-Repudiation: breaking non-repudiation guarantees when signing algorithms are compromised
    • Q-Denial of Service: not directly quantum-affected, but note interaction with crypto agility requirements
    • Q-Elevation of Privilege: breaking authentication mechanisms that rely on quantum-vulnerable crypto
  • Generate STRIDE-Q threat matrix per component in the architecture
  • Score each STRIDE-Q threat by likelihood and impact
  • Support import from Microsoft Threat Modeling Tool format (.tm7)
  • Support export to Microsoft Threat Modeling Tool format
  • Generate STRIDE-Q summary report

References
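The per-component matrix and likelihood/impact scoring from the task list, sketched as an added example; it is not part of the original issue or the project's code. The `Component` schema, the 0-5 likelihood scale, `horizon_years`, and the sample components are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Signature algorithms the issue names as broken by Shor's algorithm.
SHOR_SIGNATURES = {"RSA", "ECDSA", "EdDSA"}
# Key-establishment algorithms that are also Shor-vulnerable (added here).
SHOR_KEY_EXCHANGE = {"RSA", "ECDH", "DH"}

@dataclass
class Component:  # hypothetical schema, not the project's or the .tm7 format
    name: str
    signatures: set       # algorithms used to sign data or code
    key_exchange: set     # algorithms protecting confidentiality
    authentication: set   # algorithms used to authenticate principals
    retention_years: int  # how long captured data stays sensitive
    impact: int           # 1 (low) to 5 (critical), set by the analyst

def likelihood(vulnerable, retention_years=0, horizon_years=10):
    """Constructed 0-5 scale; horizon_years is an analyst assumption."""
    if not vulnerable:
        return 0
    # Data that stays sensitive past the horizon makes HNDL worthwhile.
    return 5 if retention_years >= horizon_years else 3

def stride_q_row(c):
    sig = bool(c.signatures & SHOR_SIGNATURES)
    kex = bool(c.key_exchange & SHOR_KEY_EXCHANGE)
    auth = bool(c.authentication & (SHOR_SIGNATURES | SHOR_KEY_EXCHANGE))
    lk = {
        "Q-Spoofing": likelihood(sig),
        "Q-Tampering": likelihood(sig),  # signature case only, not HMAC keys
        "Q-Repudiation": likelihood(sig),
        "Q-Information Disclosure": likelihood(kex, c.retention_years),
        "Q-Denial of Service": 0,  # not directly quantum-affected (per issue)
        "Q-Elevation of Privilege": likelihood(auth),
    }
    return {cat: score * c.impact for cat, score in lk.items()}  # risk 0-25

def stride_q_matrix(components):
    return {c.name: stride_q_row(c) for c in components}

# Constructed sample architecture.
SAMPLE = [
    Component("api-gateway", {"ECDSA"}, {"ECDH"}, {"ECDSA"}, 1, 4),
    Component("records-archive", {"ML-DSA"}, {"RSA"}, {"ML-DSA"}, 25, 5),
]

if __name__ == "__main__":
    for name, row in stride_q_matrix(SAMPLE).items():
        print(name, row)
```

The archive component scores highest on Q-Information Disclosure even though its signatures are already post-quantum, because its RSA-protected data stays sensitive longer than the assumed horizon.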

Labels: engine (Assessment engine), integration (Third-party integrations)
