
Add fuzzing audit report #13788

Merged
merged 1 commit into from
Mar 11, 2022

Conversation

AdamKorcz (Contributor) commented Mar 11, 2022

Adds report for the fuzzing audit performed by Ada Logics.

@DavidKorczynski @spzala @caniszczyk

ptabor (Contributor) commented Mar 11, 2022

Thank you @AdamKorcz.
@nate-double-u, @spzala - do you have an opinion on whether we should keep such *.pdf reports in the source-code repository or on the website? My intuition is that it should be the webpage repo and we should move both reports there. WDYT?

spzala (Member) commented Mar 11, 2022

Hi @ptabor - yes, we should keep content in there, but considering we have a dedicated security folder here and that the etcd.io/etcd repo is more visible, I think it's okay to keep such findings here, but your suggestion is good too. Let's keep the new report here for now, and if we decide to move reports to the website repo, I will work on moving both reports there. Does that sound good? Thanks!

AdamKorcz (Contributor, Author) commented

SGTM. There may be the issue that the existing security audit report is linked to from around the internet, and those links will then result in a 404 if it gets moved.

AdamKorcz force-pushed the fuzz1 branch 2 times, most recently from 946082c to c6ac422 on March 11, 2022 20:05

codecov-commenter commented Mar 11, 2022

Codecov Report

Merging #13788 (4c38f12) into main (4e97271) will decrease coverage by 0.10%.
The diff coverage is n/a.

❗ Current head 4c38f12 differs from pull request most recent head 1bfc88a. Consider uploading reports for the commit 1bfc88a to get more accurate results

@@            Coverage Diff             @@
##             main   #13788      +/-   ##
==========================================
- Coverage   72.75%   72.65%   -0.11%     
==========================================
  Files         467      467              
  Lines       38279    38279              
==========================================
- Hits        27850    27811      -39     
- Misses       8626     8664      +38     
- Partials     1803     1804       +1     
Flag Coverage Δ
all 72.65% <ø> (-0.11%) ⬇️

Impacted Files Coverage Δ
client/v3/namespace/watch.go 87.87% <0.00%> (-6.07%) ⬇️
etcdctl/ctlv3/command/lease_command.go 65.34% <0.00%> (-5.95%) ⬇️
server/etcdserver/api/v3rpc/lease.go 77.21% <0.00%> (-5.07%) ⬇️
raft/rafttest/node.go 95.00% <0.00%> (-5.00%) ⬇️
client/v3/leasing/cache.go 87.77% <0.00%> (-3.89%) ⬇️
server/etcdserver/api/v3rpc/member.go 93.54% <0.00%> (-3.23%) ⬇️
server/etcdserver/cluster_util.go 70.35% <0.00%> (-3.17%) ⬇️
client/v3/experimental/recipes/key.go 75.34% <0.00%> (-2.74%) ⬇️
server/etcdserver/api/v3rpc/watch.go 83.55% <0.00%> (-2.35%) ⬇️
client/v3/leasing/kv.go 89.70% <0.00%> (-1.67%) ⬇️
... and 16 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4e97271...1bfc88a.

spzala (Member) commented Mar 11, 2022

Thanks again for the great work @AdamKorcz. Merging this per discussion with @ptabor. We will think of a place on the Website repo to move the current reports and link them from etcd, and also use the Website for any future findings/reports. @nate-double-u thanks for your review.

spzala merged commit 5ed7f00 into etcd-io:main Mar 11, 2022