STIXProject / schemas

STIX Schema Development
http://stixproject.github.io/

Add Ability to Capture Threat "Score" on TTP #344

Open ikiril01 opened 9 years ago

ikiril01 commented 9 years ago

We should consider adding the ability to capture one or more threat "scores" (or levels, etc.) as part of a TTP. While this would be arbitrary and highly contextually dependent, the ability to score threats in this manner may be useful to support existing use cases, e.g., around scoring "how" malicious a particular binary is.

athiasjerome commented 9 years ago

Investigate use of Risk, Impact, Damage, Vulnerability (e.g.: CVSS) etc. scores/formulas

athiasjerome commented 9 years ago

A potential scoring methodology could be based on TARA (https://www.mitre.org/publications/technical-papers/threat-assessment--remediation-analysis-tara). However, the Asset Classes/Categories would be difficult to manage for now.