privacy review for registry inclusion

[npdoty]

Requirements we should clarify for conducting privacy review for protocols to be included in a registry.

• review would be done by the Privacy Working Group, not the Privacy Interest Group (no longer exists).
• privacy review needs to be completed, and issues need to be meaningfully addressed, in concordance with the recommendations of the threat model/privacy considerations document (conducting a privacy review and ignoring all the raised issues isn't the point)

I would also add something about process, although I'm not sure this would have as broad consensus in the group at the moment.

• protocols listed in the registry should be developed through an open process allowing impacted stakeholders to participate, review and provide feedback on the potential implications for privacy and other human rights

(The registry inclusion update PR got merged before I could list out these issues.)