@mcevoy-building7 mcevoy-building7 commented Jan 7, 2026

I sent Tom a note outlining my ideas on why this section has changed. I've been working hard to find ways to smooth the logic flow, increase clarity, and add organization to the complication of all these different SLSA topic pages and sections. It's difficult for a new reader to navigate through the ideas because there are duplications, omissions, and different styles of organizing information by the contributors. As I was seeing the final pieces come together, I noticed more problems but I came up with some new ideas at the last minute. I'd like to try and group the pages into three content categories that basically consist of:

  1. The introductory overview pages
  2. The Threat Problems
  3. The SLSA Standards and Requirements that solve threat problems
  4. Plus a Resource catch-all section

This PR combined the threat pages together into a TOC category I'd like to call the Supply Chain Threat Problem. Next I'd like to combine all the SLSA Technical pages into a TOC category I'd like to call The SLSA Solution. These simplified categories will make it easier for new users to navigate through all these complicated ideas.

Here's my thoughts on how a new TOC would look:

INTRODUCTION TO SLSA
What is SLSA?
Applying SLSA
Use Cases
Guiding Principles
Terminology
About this Document
What's New?

THE SUPPLY CHAIN PROBLEM
Introduction to Supply Chain Threats
with the Real World Supply Chain Examples table
Threats & Mitigations
more?

THE SLSA SOLUTION
Build Track
Build Track: Basics
Build Track: Requirements for producing artifacts
Build Track: Distributing provenance
Build Track: Verifying artifacts
Build Track: Assessing build platforms
Build Environment Track
Build Environment Track: Basics
Dependency Track
Dependency Track: Consuming dependencies
Source Track
Source Track: Consuming source
Source Track: Verifying source
Source Track: Assessing source control systems
Source Track: Example controls
Attestation Formats
Attestation formats: General model
Attestation formats: Provenance
Attestation formats: Build Provenance
Attestation formats: Verification Summary Attestation (VSA)
Verified properties

RESOURCES
FAQ
Specification stages
Future directions
Blog
Community
Contributor guide?
More


Files include:
real-world-examples.md - Introduces the Supply Chain Problem section, including intro and real world examples.
threats.md - Threats & Mitigations section that was under Cross Track Information.

DO NOT MERGE


netlify bot commented Jan 7, 2026

Deploy Preview for slsa ready!

Name Link
🔨 Latest commit 2bdfe0c
🔍 Latest deploy log https://app.netlify.com/projects/slsa/deploys/695e36e03760820008a872c3
😎 Deploy Preview https://deploy-preview-1544--slsa.netlify.app
To edit notification comments on pull requests, go to your Netlify project configuration.

Member

lehors commented Jan 7, 2026

@mcevoy-building7 On our repo you can mark a PR as a draft to prevent merging. On the right of the page under the reviewers list you can find a line that reads: "Still in progress? Convert to draft".

@mcevoy-building7
Author

@lehors That sounds logical, but not what @TomHennen told me to do. @TomHennen ?

PS: can I add reviewers? Maybe not because I'm forked outside?

@TomHennen
Contributor

> @lehors That sounds logical, but not what @TomHennen told me to do. @TomHennen ?
>
> PS: can I add reviewers? Maybe not because I'm forked outside?

Marking it as draft is fine. The key thing is that people can see what the changes will be and draft status won't change that. If you don't think it's ready to merge (or it's not ready for feedback) draft is appropriate.
