Add umbrella threat model + AGENTS.md and link from SECURITY.md for security-model discoverability #3158

Open

potiuk wants to merge 1 commit into apache:main from potiuk:asf-security/threat-model-2026-05-31

potiuk commented May 31, 2026

This is a draft proposal for the CXF PMC to review — please correct, reject, or discuss as needed. Nothing here is a requirement; the maintainers are the decision-makers, and this describes CXF as the PMC says it is.

This PR adds an umbrella THREAT_MODEL.md for the CXF framework, an AGENTS.md, and a Threat Model section linking it from the existing SECURITY.md — so a scan agent can follow AGENTS.md -> SECURITY.md -> THREAT_MODEL.md.

A framing note the model leads with: CXF is a framework, not an app. It provides mechanisms (WS-Security, TLS conduits, authorization interceptors, XML limits); which are active and how is the integrator's choice. So many properties are conditional, and the integrator-responsibilities and known-non-findings sections carry a lot of weight.

Draft-first, mostly inferred (~14 documented / 0 maintainer / ~55 inferred); every *(inferred)* claim routes to a numbered §14 question. The wave-1 rulings are what decide VALID-vs-misconfiguration:

  • Are CXF's XML secure-processing limits (DTD/external-entity off, entity-expansion/depth/size caps) on by default for inbound SOAP and JAX-RS XML, so an XXE/XML-bomb report against defaults is VALID?
  • Is remote WSDL/schema/MTOM resolution disabled/allow-listed by default (SSRF)?
  • Are the shipped JAX-RS providers' unsafe deserialization modes off by default?

Scope note: this umbrella covers apache/cxf. apache/cxf-fediz (WS-Federation SSO) has a distinct trust surface and gets its own model; apache/cxf-xjc-utils and apache/cxf-build-utils are build-time tooling (out of the runtime model) and will carry only a discoverability pointer.

Context: the ASF Security team is preparing the project for an automated agentic security scan we're piloting. Drafted via the threat-model-producer rubric. If you'd rather author it yourselves, close this PR and we'll regroup.

…r security-model discoverability

Adds a draft (v0) umbrella threat model for the CXF framework plus an AGENTS.md,
and links the model from the existing SECURITY.md, so an automated scan agent can
mechanically discover it via AGENTS.md -> SECURITY.md -> THREAT_MODEL.md. The model
is a proposal for the PMC to review; most claims are (inferred) and route to open
questions in its section 14.

Generated-by: Claude Code (Claude Opus 4.8)
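
A check for the discovery chain named in this PR (AGENTS.md -> SECURITY.md -> THREAT_MODEL.md), added here as an example that is not part of the PR or of CXF: it follows repo-local Markdown links breadth-first and returns the hop list, or `None` when the chain is broken. The function names and the three-file sample repository are constructed for illustration; the contents of the real files are not shown on this page.

```python
import re
import tempfile
from collections import deque
from pathlib import Path

LINK = re.compile(r"\[[^\]]*\]\(([^)\s#]+)(?:#[^)\s]*)?\)")  # [text](target#frag)

def local_links(md_file: Path, root: Path):
    """Yield repo-local files linked from md_file (root must be resolved)."""
    for target in LINK.findall(md_file.read_text(encoding="utf-8")):
        if re.match(r"[a-zA-Z][a-zA-Z0-9+.-]*:", target):
            continue  # external URL (https:, mailto:, ...): not followed
        base = root if target.startswith("/") else md_file.parent
        dest = (base / target.lstrip("/")).resolve()
        # Only follow files that exist and stay inside the repository root.
        if dest.is_file() and dest.is_relative_to(root):
            yield dest

def discovery_path(root, start="AGENTS.md", goal="THREAT_MODEL.md"):
    """Breadth-first search over Markdown links; return the hop list or None."""
    root = Path(root).resolve()
    first = root / start
    if not first.is_file():
        return None
    queue, seen = deque([[first]]), {first}
    while queue:
        path = queue.popleft()
        if path[-1].name == goal:
            return [p.relative_to(root).as_posix() for p in path]
        for nxt in local_links(path[-1], root):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def demo():
    """Constructed three-file repository, not the real apache/cxf contents."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AGENTS.md").write_text("Security policy: [SECURITY.md](SECURITY.md)\n")
        (root / "SECURITY.md").write_text("## Threat Model\nSee [the model](./THREAT_MODEL.md#scope).\n")
        (root / "THREAT_MODEL.md").write_text("# Threat model (draft v0)\n")
        ok = discovery_path(root)
        (root / "SECURITY.md").write_text("No link here.\n")  # break the chain
        return ok, discovery_path(root)

if __name__ == "__main__":
    print(demo())
```

Run against a checkout by calling `discovery_path("/path/to/repo")`; a `None` result means an agent starting at AGENTS.md cannot reach the model by links alone.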