Add Mithril Threat Model page on website

[jpraynaud]

Content

This PR includes a new Mithril Threat Model page on the website based on the original Hackmd document:

Tip

In order to run locally the website, please run the following steps:

• Pull this branch
• Run cd docs/website from the root of the repository
• Run npm install
• Run make dev
• Open your browser at http://localhost:3000/doc/next/mithril/threat-model
• Pages are automatically refreshed in the browser when they markdown files are modified

Pre-submit checklist

• Branch
  • Commit sequence broadly makes sense
  • Key commits have useful messages
• PR
  • No clippy warnings in the CI
  • Self-reviewed the diff
  • Useful pull request description
  • Reviewer requested
• Documentation
  • Update documentation website (if relevant)
  • Rotate documentation before merging

Issue(s)

Closes #1350

[github-actions]

Test Results

    4 files  ±0     51 suites  ±0   8m 45s ⏱️ -1s
1 073 tests ±0  1 073 ✅ ±0  0 💤 ±0  0 ❌ ±0 
1 221 runs  ±0  1 221 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 8582843. ± Comparison against base commit 56aa23e.

♻️ This comment has been updated with latest results.

[sfauvel]

Just some typo issues on my side

[rezabaram]

Here the assets are enumerated, but there is no analysis of the associated risks, neither the mitigations. Am I misunderstanding the scope of the document?

[curiecrypt]

Do we say Genesis signing keys are tamper-proof?

[jpraynaud]

@curiecrypt could you make a suggestion for this comment?
(I think that it will also apply to the "Era signing key" section)

[ch1bo]

System description contains most important things, but is a bit inconsistent on libp2p or not.

Assets already a good collection. We should order the CIA items consistently though.

Threats are clearly not complete. Probably can't hurt to also mention there that this is incomplete.

[ch1bo]

Just to be clear: I do approve of this document. "Done is better than perfect" and anything we can get published about this is good.

There are many good comments by reviewers which, when incorporated, makes this even better.