Merge branch 'val/add-leak-threat' into 'main'

Requirements: CRYPT-1, CRYPT-2

**[TH-LEAK]:** Attacker reads sensitive data sent outside the VPN connection by the product.

| Risk factors | Likelihood | Security profile |

|--------------|------------|------------------|

| CNC = 2      | High       | SP-3             |

| CNC = 1      | Medium     | SP-2, SP-4       |

| CNC = 0      | Low        | SP-1             |

_Table C.4_

| Risk factors      | Impact | Security profile |

|-------------------|--------|------------------|

| max(DAT, FUN) = 2 | High   | SP-3             |

| max(DAT, FUN) = 1 | Medium | SP-2, SP-4       |

| max(DAT, FUN) = 0 | Low    | SP-1             |

Requirements that mitigate this threat: ROUT, CONF, DNSL, IPv6, CRYPT

Mitigations for Likelihood:

* Medium to Low: ROUT-1, ROUT-2, CONF-3, DNSL-1, DNSL-2, DNSL-7, DNSL-8, IPv6-\*, CRYPT-\*

* High to Low: ROUT-\*, CONF-3, DNSL-\*, IPv6-\*, CRYPT-\*

Mitigations for Impact:

* Medium to Low: NPII-1, LOGG

* High to Low: NPII-\*, NPII- LOGG

### C.5. Mapping of use cases to risk factors and security profiles

| Use case | Description                 | CFG | AUT | DAT | FUN | ADM | RDP | CNC | SP   |