Improve security documentation

[jimmycuadra]

Currently the security document in the docs directory is just kind of a brain dump of information related to the security of the project. There isn't a clear distinction between what information is included in the "threat model" for each section and what is in the freeform parts above. The threat model sections should be revised to include a very succinct list of attack vectors and what should be considered compromised if they are successfully breached.