Docs: clarify sensitive data exposure policy

[bobu-putheeckal]

closes: #59839

Clarifies the security model policy for sensitive data exposed through the public UI/API and airflowctl, including masking/redaction, permissions, connections/variables/configuration handling, secrets backends, and limits of masking for DAG-authored outputs.

Tests/checks:

• uvx pre-commit run insert-license --files airflow-core/docs/security/security_model.rst
• uvx pre-commit run rst-backticks --files airflow-core/docs/security/security_model.rst
• uvx pre-commit run end-of-file-fixer --files airflow-core/docs/security/security_model.rst
• uvx pre-commit run trailing-whitespace --files airflow-core/docs/security/security_model.rst
• uvx pre-commit run mixed-line-ending --files airflow-core/docs/security/security_model.rst
• uvx pre-commit run blacken-docs --files airflow-core/docs/security/security_model.rst
• uvx pre-commit run check-for-inclusive-language --files airflow-core/docs/security/security_model.rst
• git diff --check

Docs build note:

• uv run --group docs build-docs --help could not finish installing the full default environment because jpype1 requires a local Java runtime.
• uv run --no-default-groups --group docs build-docs --docs-only --one-pass-only apache-airflow started, but failed before parsing docs because the system enchant C library is not installed for sphinxcontrib.spelling.

[potiuk]

@bobu-putheeckal A few things need addressing before review — see our Pull Request quality criteria.

• ❌ Doc build (spellcheck) fails: CI image checks / Build documentation (--spellcheck-only) — likely a misspelled or unknown word. If the new word is intentional jargon, add it to docs/spelling_wordlist.txt. See the Checks tab.

No rush.

---

Note: This comment was drafted by an AI-assisted triage tool and may contain mistakes. Once you have addressed the points above, an Apache Airflow maintainer — a real person — will take the next look at your PR. We use this two-stage triage process so that our maintainers' limited time is spent where it matters most: the conversation with you.

---

Drafted-by: Claude Code (Opus 4.7); reviewed by @potiuk before posting

[bobu-putheeckal]

Pushed 192aecc6e4 to add exfiltrate to docs/spelling_wordlist.txt and address the spellcheck failure. The current PR check rollup no longer shows the docs spellcheck job failing.

[kaxil]

PR template hasn't been followed on any of your PRs. As such I am closing all your PRs since I see little to no evidence of actual testing and mass PRs to Airflow & other repos.