security: update CSRF security model to indicate window.context is unprivileged

Created by: slimsag

Now that window.context does not even contain CSRF tokens/headers (i.e., now that we have proven those are not used in our CSRF security model) we can now update our security model doc to indicate that window.context is entirely unprivileged data.

Signed-off-by: Stephen Gutekanst stephen@sourcegraph.com