docs: add a Security section (rehome release verification guide)

[lmeyerov]

Context

In PR #1206 (PR-F4) we added docs/source/release-verification.md and temporarily wired it into the top-level docs/source/index.rst toctree. That placement is structurally wrong — it sat as a peer of the entire graphistry API module, when the content is meta/supply-chain/security.

Until a proper Security section exists in the docs, we are removing the page from readthedocs. For now the verification guide lives at repo root as RELEASE_VERIFICATION.md, linked from SECURITY.md.

Goal

Add a dedicated Security section to the Sphinx docs with its own captioned toctree so security-facing, non-API content (release verification, disclosure policy pointers, supply-chain evidence guidance, etc.) has a natural home.

Scope

• Introduce a security/ folder under docs/source/ (or an equivalent grouping) with its own captioned toctree in index.rst
• Rehome RELEASE_VERIFICATION.md into that section
• Update SECURITY.md to link to the rendered docs page instead of the repo-root markdown file
• Consider what else belongs there (disclosure process, supported versions, threat model snippets if any)

Out of scope

• Changing the publish workflow or release evidence model (PR-F3/F4 already covered that)

Related

• PR PR-F4: Add release verification docs for attestations + SBOM evidence #1206 — original addition of the verification guide
• Umbrella Umbrella: Harden untrusted PR CI + Codex agent security model #1130 — trusted-release hardening