docs: security fix pipeline design spec

Design for an autonomous, containerised pipeline that validates and
proposes production-grade fixes for ~250 deepsec security findings
tracked in Linear, with local-only review and no GitHub exposure
until disclosure timing is decided. Implementation lives in a
separate repository.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: d-cs