docs consolidation

docs/17_SECURITY_HARDENING_GUIDE.md

@@ -25,7 +25,7 @@
 
 | Asset                | Threats               | Mitigations                                                            |
 | -------------------- | --------------------- | ---------------------------------------------------------------------- |
-| SBOMs & scan results | Disclosure, tamper    | TLS‑in‑transit, read‑only Redis volume, RBAC, Cosign‑verified plug‑ins |
+| SBOMs & scan results | Disclosure, tamper    | TLS‑in‑transit, read‑only Valkey volume, RBAC, Cosign‑verified plug‑ins |
 | Backend container    | RCE, code‑injection   | Distroless image, non‑root UID, read‑only FS, seccomp + `CAP_DROP:ALL` |
 | Update artefacts     | Supply‑chain attack   | Cosign‑signed images & SBOMs, enforced by admission controller         |
 | Admin credentials    | Phishing, brute force | OAuth 2.0 with 12‑h token TTL, optional mTLS                           |
@@ -72,10 +72,10 @@ services:
       timeout: 5s
       retries: 5
 
-  redis:
-    image: redis:7.2-alpine
-    command: ["redis-server", "--requirepass", "${REDIS_PASS}", "--rename-command", "FLUSHALL", ""]
-    user: "redis"
+  valkey:
+    image: valkey/valkey:8.0-alpine
+    command: ["valkey-server", "--requirepass", "${VALKEY_PASS}", "--rename-command", "FLUSHALL", ""]
+    user: "valkey"
     read_only: true
     cap_drop: [ALL]
     tmpfs: