Consider additional candidate CWEs for A03

[ramimac]

I'm not familiar with the process for mapping to CWEs, but would expect the following to also be included in A03:

• CWE-1357: Reliance on Insufficiently Trustworthy Component (parent of 1104 and 1329)
• CWE-506: Embedded Malicious Code