doc: add Node.js Threat Model

Reference: https://github.com/nodejs/security-wg/issues/799 Following up: https://github.com/nodejs/nodejs.org/pull/4896

This is another Security WG initiative. We've been actively working on that and finally, we have something to share.

This document was created aiming to provide context on what will/will not be considered a vulnerability in Node.js, targeting Security Researchers, as well as serve as a guide for application security operations in support of development teams building on top of the Node.js platform.

cc: @nodejs/security @nodejs/security-wg @nodejs/tsc

Co-authored-by: Michael Dawson midawson@redhat.com Co-authored-by: Facundo Tuesca facundo.tuesca@trailofbits.com Co-authored-by: Ulises Gascon UlisesGascon@users.noreply.github.com Co-authored-by: Thomas Gentilhomme gentilhomme.thomas@gmail.com