Reorganize Security and privacy considerations

[anssiko]

@pes10k PTAL. After another look of your insightful privacy review feedback (thanks again!) I think this PR should fix:

• Specify what kind of attacks are considered and addressed #204
  Added a top-level "Types of privacy and security threats" section seeded with timing attacks description as a type of side-channel attack worth mitigating against in this (as well as any other) web spec.

• "no side channels" subsection issues #205
  This confusing section was removed to prepare for integration of your proposed cross-site covert channel attack description.

Remaining work:

This lays the foundation for @pes10k to contribute the proposed cross-site covert channel attack discussed in #197 (or the WG can integrate on your behalf with credits, possibly in another PR).

---

Preview | Diff

[anssiko]

Since PR Preview is having a bad day, here's a manually created preview:

Preview

You can compare it with the current text.

[kenchris]

Thanks you @anssiko

[pes10k]

I think this is a good change and reorg. I'll leave comments for the mitigations you mentioned and incorporated into the normative parts of the spec in other issues

[anssiko]

Thanks for your review @pes10k! I made a minor typo fix and merged this PR that addresses #204 and #205.

The following privacy issues remain open and welcome your contributions:

• Feature can be abused to create cross-site covert channels #197 for discussing the cross-site covert channel attack.
• "User notifications" section should be more specific #194 for discussing improvements to the User notifications section.

Let's continue discussion in those two issues. Thanks for your contributions!