Add security concepts to doc/book/security #4564

Open
StackScribe opened this issue Sep 19, 2021 · 3 comments
Labels
documentation Jenkins documentation, including user and developer docs, solution pages, etc.

Comments

@StackScribe
Contributor

StackScribe commented Sep 19, 2021

Add some conceptual and background information to the top file in the Security section:

  • Jenkins is a fully distributed build system; briefly explain the security ramifications
  • Security concepts (least privilege, know the system, defense in depth, etc.)
  • Brief view of how Jenkins executes a Pipeline as background to understanding security settings and practices.
  • Pulled info about different users who control what Pipeline actually executes from controller-isolation.adoc. Note that this means that the start of controller-isolation.adoc is a bit bumpy. I plan to rewrite that in a separate PR to keep this PR from getting unwieldy but let me know if you prefer that I fix that file here.

Other existing material in this file will be moved to other files that discuss the same issue. Separate tickets filed for rewrites of other files in this section.

@StackScribe StackScribe added the documentation Jenkins documentation, including user and developer docs, solution pages, etc. label Sep 19, 2021
@daniel-beck
Contributor

> Jenkins is a fully distributed build system; briefly explain the security ramifications

https://www.jenkins.io/doc/book/security/controller-isolation/ does some of that.

@StackScribe
Contributor Author

#4612

@StackScribe
Contributor Author

@daniel-beck The "fully distributed build system" stuff should be in the intro to this chapter and, for a topic sentence, I like the phraseology that is there now and that came from you a couple years ago. But the material in https://www.jenkins.io/doc/book/security/controller-isolation/ adds depth; I will pull that into this introductory section so that "Controller Isolation" can just concentrate on the distributed configuration. Does that seem appropriate?
