HDDS-15465. Add a project threat model and security-model discoverability (AGENTS.md, SECURITY.md) #10418

Open
potiuk wants to merge 1 commit into apache:master from potiuk:asf-security/threat-model-2026-06-02

potiuk commented Jun 2, 2026

What this is

A draft threat model for Apache Ozone, proposed by the ASF Security team for the Ozone PMC to review, correct, or reject — drafted from Ozone's public docs/repo against the ASF Security threat-model rubric. Scope + path were confirmed by the PMC on the security@ thread.

This PR (HDDS-15465):

  • adds THREAT_MODEL.md — the draft model;
  • appends a ## Threat Model pointer to the existing SECURITY.md (the reporting policy is unchanged);
  • adds AGENTS.md, wiring AGENTS.md → SECURITY.md → THREAT_MODEL.md for automated-scanner discoverability.

How to read it

Every claim is provenance-tagged — (documented) / (inferred) (reasoned from architecture, not yet confirmed) / (maintainer). This v0 is ~14 documented / ~34 inferred. The §14 Open questions section is where review time is best spent; the highest-impact ones:

  • whether a Kerberos-secured deployment is the in-model baseline (so findings that only manifest with ozone.security.enabled=false / simple auth are out-of-model / non-default) — the single biggest ruling;
  • the delegation/block-token gate at the DataNode, the S3-gateway anonymous-access default, native-ACL vs Ranger enforcement, the Ratis inter-node trust posture, and where the resource/DoS line sits.

Scope: apache/ozone (OM / SCM / DataNode / S3 gateway / Recon / client); apache/ozone-thirdparty's packaging is in scope, its upstream internals out. Nothing here is a requirement — the model is the PMC's to own. Comment inline, edit the branch, or reply on the email thread.

…lity (AGENTS.md, SECURITY.md)

Generated-by: Claude Code