[DOCS] Add operator threat model and secure deployment guide

[utksh1]

Problem

SecuScan needs a production-grade improvement in this area: Production security guidance..

Scope

Document trust boundaries, local-only assumptions, auth requirements, vault key management, plugin risks, network exposure, and hardening checklist.

Acceptance Criteria

• The implementation is focused and does not introduce unrelated UI, docs, lockfile, or formatting churn.
• Security-sensitive behavior has explicit negative tests where applicable.
• Existing tests continue to pass, and new tests cover the main success and failure paths.
• Documentation or configuration examples are updated when operator behavior changes.

Verification

Docs should include a threat table and actionable deployment profiles for local, LAN, and container use.

Difficulty

Hard, useful issue intended for experienced contributors.

[Dharshin1]

Hi @utksh1, I’d like to work on this issue. I plan to add a structured operator threat model covering trust boundaries, authentication assumptions, plugin/security risks, vault key management, and network exposure scenarios. I’ll also document actionable deployment hardening profiles for local, LAN, and containerized environments, along with a practical hardening checklist and configuration guidance. Where applicable, I’ll include negative/security-focused validation coverage to ensure unsafe configurations and security-sensitive behaviors are explicitly tested. I’ll keep the PR tightly scoped and avoid unrelated formatting or documentation churn.
Please assign this issue to me. Thanks!

[vikas-6]

./assign me under gssoc 2026

[aaniya22]

Please assign this issue to me under Gssoc'26