Threat modeling the planning guide

[deansaxe]

          This feels like we need a risk model for this topic :-) At the end of the day, the mechanism mostly likely to be kept up to date by the human is probably the best option.

Originally posted by @gffletch in #30 (comment)

[gffletch]

I like the idea of a couple of different scenarios (mobile only, multi-device, paper only, ???) and then look at the risks/threats for those scenarios. It doesn’t cover everything but it may help with calling out the different kinds of risks/threats