docs: add portable security notice and clarify risk wording

[Karen86Tonoyan]

PR #1420 z plikiem zawierającym : w nazwie nie da się checkoutować na Windows (potwierdzone lokalnie), więc poprawka została przygotowana jako czysty, przenośny branch z bezpieczną ścieżką pliku.
Hi, I identified an issue affecting Windows users.

Problem:
Certain file naming / access patterns cannot be reliably handled on Windows environments (confirmed locally).

Impact:
This may lead to confusion or failure when users try to access or verify files.

Fix:

Added a portable security notice
Clarified risk wording to make behavior explicit
No breaking changes, documentation-only improvement
Goal:
Improve clarity and prevent misuse or misinterpretation, especially across different OS environments.

Let me know if you'd like me to adjust wording or scope.

[Copilot]

Pull request overview

Adds a new portable documentation page intended to communicate an initial security-hardening notice around installation/configuration supply-chain and persistence risks.

Changes:

• Added docs/security-hardening.md describing security-hardening intent and risk areas (mutable versions, remote script execution, environment-level config changes).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The statement "no malicious behavior was identified" reads like a security assurance, but this document doesn’t define the scope or method of review. Consider rephrasing to something more precise (e.g., "no evidence of malicious behavior was found during this review") and/or explicitly stating that this is not a security audit guarantee.

Suggested change

	While no malicious behavior was identified, these patterns can increase risk in stricter threat models.
	While no evidence of malicious behavior was found during this review, these patterns can increase risk in stricter threat models and this document does not constitute a security audit or guarantee.

[Copilot]

The heading and intro position this as a "safer install and configuration flow", but the document currently lists risky patterns without pointing readers to the repo’s recommended safer alternatives (e.g., which commands to prefer, or where to find the hardened flow). Adding a short "Recommended safer approach" section with concrete next steps (download/review installer, prefer pinned versions, review config writes) would make this notice actionable.

[Copilot]

This file is a standalone doc but starts with an H2 ("##"). For consistency with other top-level docs in the repo (e.g., SECURITY.md uses an H1), consider making the first heading an H1 so renderers generate a correct page title/TOC.

Suggested change

	## Security Hardening - safer install and configuration flow
	# Security Hardening - safer install and configuration flow

[Karen86Tonoyan]

Security Hardening - safer install and configuration flow

[Karen86Tonoyan]

Hi, I identified an issue affecting Windows users.

Problem:
Certain file naming / access patterns cannot be reliably handled on Windows environments (confirmed locally).

Impact:
This may lead to confusion or failure when users try to access or verify files.

Fix:

Added a portable security notice
Clarified risk wording to make behavior explicit
No breaking changes, documentation-only improvement
Goal:
Improve clarity and prevent misuse or misinterpretation, especially across different OS environments.

Let me know if you'd like me to adjust wording or scope.

[Karen86Tonoyan]

While no evidence of malicious behavior was found during this review,
these patterns may increase risk under stricter threat models.
This document does not constitute a security audit or guarantee.