
Create and review threat model for Aspire Dashboard #2679

@kvenkatrajan

Relates to #237

@drewnoakes

  • Create threat model diagrams for localhost, ACA and external scenarios
  • Introduce an UnsafeAuthMode environment variable which is off by default, forcing the dashboard to not render since required authentication is not performed
  • Mitigation document in case UnsafeAuthMode is applied
  • Ensure that authentication/authorization of dashboard is supported for external hosting scenarios (via OpenID Connect auth flow) - Dashboard certification and authorization #1483
  • Ensure that all communications endpoints are defaulted to use https in case UnsafeAuthMode != true
  • Ensure for external hosting grpc endpoints are authenticated (via ClientCertificate)
  • Ensure for ACA that the otel grpc channel to otelcollector are authenticated
  • Ensure that dashboard localhost can connect only to resource server on localhost
  • Ensure dashboard performs audit logging
  • Ensure access to sensitive data is protected/authorized

CC: @joperezr, @davidfowl, @JamesNK
