Investigate the attemptXFromSoftProdVulnerability Attack Steps

[andrewbwm]

The attempt[Read/Deny/Modify]FromSoftProdVulnerability attack steps on the Application asset show up as viable using the https://github.com/mal-lang/mal-toolbox. This is not incorrect, but it feels confusing and the steps themselves seem redundant as they could only be called if the associated SoftwareProduct existed in the first place.

It might be worth removing them if they do not serve any other purpose to clean up the resulting attack graphs.

[andrewbwm]

The softwareProductVulnerabilityXAchieved steps also show up as viable even if there is no SoftwareProduct. A possible fix might be to turn those steps into AND steps and have SoftwareCheck lead to them as well.