Update threat model for Linear Leios

[ch1bo]

Updated scope to fit the latest design we have in the CIP draft. Updated several threats in there. I'm not 100% happy with the level of detail and its honestly a bit hard to maintain (also the diffs are horrible with re-ordering things). Especially as there are very good write-ups of attacks already.

Some key changes / observations:

• Linear leios does not allow us to use mitigate withholding and front-running by over-parameterization (M5)
• Linear leios avoids conflicting transactions by design. This is covered by M11, but I'm not sure whether things avoided by design should be actual mitigations?

@will-break-it Feel free to use it or leave it out for the CIP rationale/appendix.

[Copilot]

Pull Request Overview

This PR updates the threat model to align with the simplified "Linear Leios" design that eliminates Input Blocks (IBs) and couples Endorser Block (EB) and Ranking Block (RB) production by the same block producer. The update reflects significant architectural changes in the consensus mechanism and reassesses threat scenarios accordingly.

Key changes include:

• Updated system overview to reflect Linear Leios architecture with coupled RB/EB production
• Revised threat analysis with updated likelihood assessments and attack vectors
• Added new mitigation strategy (M11) for conflicting transactions and noted limitations of over-parameterization (M5)

[bwbush]

Not 100% true any more, because of the need for execution bitmaps.

[bwbush]

A more powerful related attack is to delay releasing transactions for several seconds. This will create a spike in fetches of those transactions so that some nodes do not have enough time to retrieve+validate them and then vote.

[bwbush]

I noted a coupe of corrections. Aside from those, this is aligned with the latest version of Linear Leios.