feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries

- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.

docs/technical/security/README.md

@@ -0,0 +1,35 @@
+# Security, Risk & Governance
+
+Authoritative sources for threat models, governance, compliance, and security operations.
+
+## Policies & Governance
+- [../13_SECURITY_POLICY.md](../../13_SECURITY_POLICY.md) – responsible disclosure, support windows.
+- [../11_GOVERNANCE.md](../../11_GOVERNANCE.md) – project governance charter.
+- [../12_CODE_OF_CONDUCT.md](../../12_CODE_OF_CONDUCT.md) – community expectations.
+- [../17_SECURITY_HARDENING_GUIDE.md](../../17_SECURITY_HARDENING_GUIDE.md) – deployment hardening steps.
+- [../security/policy-governance.md](../../security/policy-governance.md) – policy governance specifics.
+- [../29_LEGAL_FAQ_QUOTA.md](../../29_LEGAL_FAQ_QUOTA.md) – legal interpretation of quota.
+- [../33_333_QUOTA_OVERVIEW.md](../../33_333_QUOTA_OVERVIEW.md) – quota policy reference.
+- [../risk/risk-profiles.md](../../risk/risk-profiles.md) – organisational risk personas.
+
+## Threat Models & Security Architecture
+- [../security/authority-threat-model.md](../../security/authority-threat-model.md) – Authority service threat analysis.
+- [../security/authority-scopes.md](../../security/authority-scopes.md) – scope model.
+- [../security/console-security.md](../../security/console-security.md) – Console posture guidance.
+- [../security/pack-signing-and-rbac.md](../../security/pack-signing-and-rbac.md) – pack signing, RBAC guardrails.
+- [../security/policy-governance.md](../../security/policy-governance.md) – policy governance controls.
+- [../security/rate-limits.md](../../security/rate-limits.md) – rate limiting behaviour.
+- [../security/password-hashing.md](../../security/password-hashing.md) – credential storage.
+
+## Audit, Revocation & Compliance
+- [../security/audit-events.md](../../security/audit-events.md) – audit event taxonomy.
+- [../security/revocation-bundle.md](../../security/revocation-bundle.md) & [../security/revocation-bundle-example.json](../../security/revocation-bundle-example.json) – revocation process.
+- [../license-jwt-quota.md](../../license-jwt-quota.md) – licence/quota enforcement controls.
+- [../30_QUOTA_ENFORCEMENT_FLOW1.md](../../30_QUOTA_ENFORCEMENT_FLOW1.md) – quota enforcement sequence.
+- [../10_OFFLINE_KIT.md](../../10_OFFLINE_KIT.md) & [../24_OFFLINE_KIT.md](../../24_OFFLINE_KIT.md) – tamper-evident offline artefacts.
+- [../security/](../../security/) – browse for additional deep dives (audit, scopes, rate limits).
+
+## Supporting Material
+- Module operations security notes: [../../modules/authority/operations/key-rotation.md](../../modules/authority/operations/key-rotation.md), [../../modules/concelier/operations/authority-audit-runbook.md](../../modules/concelier/operations/authority-audit-runbook.md), [../../modules/zastava/README.md](../../modules/zastava/README.md) (runtime enforcement).
+- [../observability/policy.md](../../observability/policy.md) – security-relevant telemetry for policy.
+- [../updates/2025-10-27-console-security-signoff.md](../../updates/2025-10-27-console-security-signoff.md) & [../updates/2025-10-31-console-security-refresh.md](../../updates/2025-10-31-console-security-refresh.md) – recent security sign-offs.