Document robustness and security posture of the codebase

[steven-bellock]

GHSA-j54w-759w-xj3m was a security vulnerability in what was effectively sample code. However vulnerability reporters are probably not aware of that, and Integrators of libspdm need to know what portions of the codebase are considered production-quality and what are not. With each release libspdm should be explicit towards the robustness and security posture of the different directories in the repository.