Security register — moved

This file has been split into a two-layer security documentation track.

The original single-file register conflated customer-shareable severity ratings with internal repro details and code citations. It is now superseded by:

• Customer-shareable risk register: docs/security/client/risk-register.md
• Internal full-detail findings: docs/security/internal/findings.md
• Track entrypoint (explains the layout): docs/security/README.md

See the entrypoint for the full layout, including:

• docs/security/internal/threat-model.md — STRIDE walkthrough
• docs/security/internal/dependency-audit.md — npm audit / pnpm audit capture
• docs/security/internal/incident-history.md — past incidents + post-mortem template
• docs/security/security-incident-policy.md — customer-shareable IR flow

The legacy IDs (SF-, FM-, AF-) referenced in E2E tests, PR comments, and prior commits map to the new SR-NNN IDs via the table at the bottom of internal/findings.md. This file is preserved as a redirect; please update inbound links to point at the new locations.