
Add security vulnerability analysis report with 7 confirmed findings#1262

Open
nassirGH wants to merge 2 commits into ory:master from nassirGH:claude/security-vulnerability-analysis-tagWq

Conversation

@nassirGH

@nassirGH nassirGH commented Mar 15, 2026

Comprehensive penetration testing report covering critical auth bypass via Decision API header injection, SSTI via Sprig templates, SSRF via hydrator mutator, open redirect in error handler, IP ACL bypass via X-Forwarded-For spoofing, unauthenticated API info disclosure, and scheme spoofing rule bypass. Each finding includes PoC and remediation.

https://claude.ai/code/session_016YYZvF4Pgt2VtJ1oeyYK5t

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I am following the contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got the approval (please contact security@ory.com) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added or changed the documentation.

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Includes Docker Compose environments, automated test scripts, and
step-by-step manual reproduction commands for all 7 vulnerabilities.
Two separate environments: main (vulns 1,4,6,7) and SSTI-specific
(vuln 2) with pre-configured rules and fake secrets.

https://claude.ai/code/session_016YYZvF4Pgt2VtJ1oeyYK5t