Add trust model document to the website

[surajssd]

Move this document to the website: https://github.com/confidential-containers/confidential-containers/blob/main/trust_model.md

[portersrc]

hey suraj i was looking at this document after it got brought up in the main slack channel, and i want to put up a PR on the confidential-containers repo first, where people will have eyes on it;
do you mind waiting to migrate it so that it gets eyes on any changes first?

[surajssd]

Either way is fine, creating a PR here with changes might help this repo to get more eyes 😉 But I will let you do what you think is right.

[portersrc]

Oh, let's do that, then. I can put up PRs for migrating it. And then we can add some to it after it's migrated.

[dcmiddle]

Hi, I don't think I understand the docs / website strategy. We have our main doc contents in confidential-containers and then each subproject has docs in their repo. I thought the website would draw from these repos. Is there another issue or a content mapping to describe the overall migration you are envisioning?
cc: @magowan

[fitzthum]

I think part of the idea is that the website will be for users whereas the md stuff will be for devs. In the past we have never had any such distinction (which is telling) so it's not always obvious how to split things. We probably want some kind of trust model in both places, for instance.

[portersrc]

Related suggestion from @surajssd for tackling this kind of case is here, and he links to this. This kind of idea would allow us to leave docs in their home repos but still display them on the site. If people want, we can try that for these threat model docs.

Regarding @dcmiddle's general suggestion/question about having an issue, for example, to track the pages we want to migrate, to the best of my knowledge we don't have that; but I think that's a great idea. I can draw up the issue, but let's see if @surajssd has some idea in mind already.

[surajssd]

I think for pages that ought to remain in both places, I will be working on an automation to copy it from respective projects.

A general rule of thumb would be that, if something is made for users, it should stay here in this repo i.e. on the website. And things we don't want users to bother about (e.g. release process document) then that undoubtedly sits besides the code.

[dcmiddle]

Just caution that we only recently consolidated repos into this one and now we're maybe splitting it back out.
If there's a way to have the website repo be mostly mechanics and have it build a site that pulls content from each coco repo that would be ideal. Or consider moving the website into this repo.

[surajssd]

@dcmiddle I understand the concern that we just moved into this repo. But I guess the end goal is that users should find all this information useful and accessible. And back then we didn't have a website.

And we are not going to create dead links. What I mean is that we will have a note redirecting users once this PR is merged.