
feat(lab2): Threagile threat model + secure variant + auth flow#1064

Open
StefFashka wants to merge 1 commit into
inno-devops-labs:mainfrom
StefFashka:feature/lab2

Conversation

@StefFashka


Goal

This PR delivers the completed Lab 2 threat modeling assignment, establishing the architecture baseline, a hardened secure variant, and a focused authentication flow model analyzed via Threagile.

Changes

  • submissions/lab2.md — Final submission report with risk tables, STRIDE mapping, and reflections.
  • labs/lab2/threagile-model-secure.yaml — Hardened architecture variant (HTTPS, proxy auth, storage encryption).
  • labs/lab2/threagile-model-auth.yaml — Refined, deep-dive threat model focused strictly on the authentication pipeline.

Testing

Verified all threat models locally using Threagile (v0.9.1) container and validated risk distributions via jq.

  1. Baseline Model (23 risks total):

```sh
jq '[.[] | .severity] | group_by(.) | map({severity: .[0], count: length})' labs/lab2/output/risks.json
# Output: elevated: 4, medium: 14, low: 5
```

  2. Secure Variant Model (17 risks total, Δ = -6):

```sh
jq '[.[] | .severity] | group_by(.) | map({severity: .[0], count: length})' labs/lab2/output-secure/risks.json
# Output: elevated: 1, medium: 11, low: 5
```

  3. Auth Flow Model (40 risks total):

```sh
jq '[.[] | .severity] | group_by(.) | map({severity: .[0], count: length})' labs/lab2/output-auth/risks.json
# Output: elevated: 5, medium: 21, low: 14
```

  • Task 1 — Baseline risk table + top-5 with STRIDE mapping
  • Task 2 — Secure variant + risk diff table
  • Bonus — Auth-flow model + 3 auth-specific risks

Artifacts & Screenshots

The rendered threat assessment and analysis text can be found directly in submissions/lab2.md.
