Improve the wording in section 9.4: Trusted Applications

[jplyle]

This pull request makes some significant changes to the "Trusted Applications" section. I suspect they will not be deemed acceptable changes as-is, but I thought it would be constructive to start the discussion by suggesting my own improvements.

Key points:

• The phrase 'trusted application' is changed to 'privileged applications', as this is what seems to be described in the section.
• The 'security considerations' section has been replaced by a set of use cases, misuse cases and security principles. In my opinion, these make it clearer what the purpose of privileged applications are and how the specification addresses the additional threats.
• I have defined a 'privileged application' as one which requests a set of as-yet undefined privileges, but probably access to any of messaging, telephony and raw socket APIs.
• I have defined that privileged apps must either be packaged and signed, or served from an authenticated source. I removed reference to signed manifests but would be happy to put them back in. I just didn't really understand the motivation in this instance.
• I stated that CSP policies may be tightened by additional rules in the app manifest or in individual pages.
• I gave more detail as to the requirements for revocation, update and signing for privileged applications.

Any feedback or suggestions for further improvements would be very welcome.

[jplyle]

@marcoscaceres - Well spotted. I have modified the phrasing of this section.

[mounirlamouri]

As the initial comment says, I'm not 100% happy with the changes here. I think it would be great to speak about that during the F2F.

[jplyle]

As discussed in person, I will create separate issues for the various modifications I am proposing. I will therefore close this PR.