* Adds Source Data example
* Adds Scope of Impact section
* Updates Concerns section

Co-authored-by: Eric Beahan <ebeahan@gmail.com>

I misunderstood the "source data" section; a risk score document is what
actually shows the proposed fields being used.

This represents the total number of alerts that were processed to create
this risk score; having a larger number is both more realistic, and also
highlights the fact that the number of inputs will be very small
compared to this number.

We've added this functionality within the product, we should discuss and
add these fields to ECS as well.

This was previously not clear from the examples/descriptions: category
scores will be normalized to the 0-100 range, and only the
`calculated_score` represents the "raw" score of the entity.

* category scores are within 0-100
* category scores sum to the calculated_score_norm
* category 5 is present since criticality is present

We decided to number our risk categories based on the order in which
they are introduced in kibana. Since Asset Criticality is being released
next, and AC corresponds to the Entity Contexts category, it's now
Category 2.

This reverts commit 323ed90.

 Conflicts:
	rfcs/text/0042-risk-score-extensions.md
	rfcs/text/0042/risk.yml