Document high level security concerns

[cartermp]

This was discussed in a comms SIG and floated by the security SIG prior with thumbs ups.

Proposal:

• Top-level node in the docs called Security
• Index page is a general overview
• Page on HTTP operations and, in particular, things like being wary of capturing PII and looking into any config settings you have to set with instrumentation
• Page on the collector that, in particular, covers the redactionprocessor

Relevant slack thread: https://cloud-native.slack.com/archives/C05A85QC281/p1692283776729499

[martinjt]

This should also include details on the approach to collector image security as that's something I hear a lot about.

[svrnm]

There is a Security document in the collector repo, not sure if this belongs there or can be migrated into the docs:

https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md

cc @open-telemetry/collector-approvers

[mx-psi]

Some parts of this doc are for Collector end-users while others are for component developers. I think information for end-users makes sense to have under the OpenTelemetry docs, but information for component developers may be too niche

[svrnm]

Splitting it into end-user material @ docs and keep the developer specific material in the repo makes sense to me. (and adding a back-reference from both documents to link them)