Is your enhancement proposal related to a problem? Please describe.

People using Zephyr to build products might have questions/concerns regarding compliance with the Cyber Resilience Act (CRA). They may need guidance on how Zephyr's features and processes align with the CRA requirements, and what tools (ex. SBOM generation) are available to them.

Describe the solution you'd like

Add some blurb (in the form of an FAQ?) to https://docs.zephyrproject.org/latest/security/standards/index.html

Describe alternatives you've considered

We don't do anything, but people may then assume project "doesn't care" about CRA (and maybe we don't btw, I don't know, that's likely for the Governing Board, Security WG, and TSC to decide)

Additional context

N/A

cc @kestewart @ceolin