Add changelog for new release #407

@funnelfiasco

Description

As collected by @evankanderson in #404

If anyone is curious, here is the 3k-line unified diff between 02-25 and 10-10:
https://gist.github.com/evankanderson/c73cc87cba9b6ee1605d8f5e5cfac54f

Besides defining things like "project", here are the new requirements:

Level 1

  • OSPS-BR-01.02
  • OSPS-BR-03.02
  • OSPS-BR-07.01
  • OSPS-QA-05.02

Level 2

no new requirements

Level 3

  • OSPS-BR-07.02
  • OSPS-DO-03.02

Added control mappings:

  • PSSCRM
  • SAMM
  • PCIDSS
  • 800-161
  • UKSSCOP

Terms removed:

  • Codebase

Terms added:

  • Administrator
  • Code
  • Contributor License Agreement
  • Coordinated Vulnerability Disclosure
  • Developer Certificate of Origin
  • Maintainer
  • NIST 800-161
  • OpenSSF Scorecard
  • PCI DSS
  • Private Vulnerability Reporting
  • PSSCRM(F)
  • Project
  • Sensitive Data
  • Sensitive Resource
  • User

Not sure if that meets people's expectations, but I found it helpful. I didn't pick through wording changes, as that seemed painful given the addition of links for definitions.

Originally posted by @evankanderson in #405 (comment)

Metadata

Labels

documentation: Improvements or additions to documentation
