When writing controls I need a way to score their importance as not all controls have the same impact on performance indexing and security

[willeybryan]

Acceptance Criteria

• Rules data model needs a quantitative attributes we can use in risk management calculations and an performance index
  - Rules should have a value for their Relevance, Significance, and Logical conditions
• Values should be able to be set by the developer writing the rules (UI to set this in the future)
  - Should follow the format to turn Qualitative rules into Quantitative ones from this software https://evaluator.severski.net/articles/usage.html#encode-the-data
• Set all rules to be equal by default so we can change them later as we gain more information
  - The Rules weighting system should be compatible with the Thomas Scoring System https://exploringpossibilityspace.blogspot.com/2014/02/thomas-scoring-system.html

Notes
"The Logical Condition is any set of logical relations among metric conditions that, when TRUE, mean that this condition provides some evidentiary support for that particular index value (a.k.a. score value). Relevance is a number, or a function that returns a number, on some standard scale of relevance. In the demo below, the relevance scale is -1 to +1, with '+1' meaning fully relevant with positive implications, '-1' meaning fully relevant with negative implications, and '0' meaning not relevant. Significance is the conditional weighting factor, given that both the logical condition are true and relevance is not zero."

Why?
- Professionals consuming the output of the tool need to be able to easily compare the amount of risk a release exposes them too in cases where not all controls are met. To do this we need to assign values to the rules which we can them bubble up into a performance index.