Risk analysis on our infrastructure

Audit the risks the project is facing and prioritize mitigations.
Loosely based on OCTAVE/Allegro, this would involve:

  • #18057 (closed) establishing risk measurement criteria
  • #18056 (closed) identifying assets and their criteria (confidentiality/availability/integrity)
  • establishing threat trees
  • calculate risks as the product of probability and impact of threat scenarios
  • identify possible mitigations
  • create GitLab issues for mitigations
  • document risk severity for each mitigation
  • write a report/summary

Related issues

Note: For S11, this fits in:

  • B.2 - Keep our infrastructure up-to-date and secure: Conducting a risk analysis is essential for developing and implementing security policies to keep the infra secure.
Edited by groente