Threat model an abstract enterprise supply chain

[jonmuk]

Create an enterprise architecture and accompanying threat model to identify the threats that we need to address as part of the "sterling toolchain" and validate existing standards.

High level goals include:

• Define a high level architecture for an enterprise (NOTE: during initial meetings we were unable to identify participants to define a small or medium sized business)
• Identify and describe threats to the confidentiality and integrity of proprietary software components produced with software development processes and infrastructures within architecture
• Identify where existing OSSF standards and projects would align to mitigate the identified threats

[jonmuk]

Draft blog created to promote the threat modelling work, raised to group for review