docs: add chapter about overall "security" area guide

List down considerations for the following areas:

- Hardware security
- Network security
- Product security

Also added brief explanation about "Security Policy" for ESP-IDF.

Closes IDF-1565

docs/en/api-reference/peripherals/hmac.rst

@@ -82,6 +82,8 @@ The calculation of the HMAC and its hand-over to the DS component happen interna
 
 For more details, see *{IDF_TARGET_NAME} Technical Reference Manual* > *Digital Signature (DS)* [`PDF <{IDF_TARGET_TRM_EN_URL}#digsig>`__].
 
+.. _hmac_for_enabling_jtag:
+
 HMAC for Enabling JTAG
 ^^^^^^^^^^^^^^^^^^^^^^
 Key Purpose values: 6, 5

docs/en/api-reference/provisioning/provisioning.rst

@@ -97,6 +97,8 @@ It relies on the base layer called :doc:`protocomm` (Protocol Communication) whi
 
 Application creates a protocomm instance which is mapped to a specific transport and specific security scheme. Each transport in the protocomm has a concept of an "end-point" which corresponds to logical channel for communication for specific type of information. For example security handshake happens on a different endpoint than the Wi-Fi configuration endpoint. Each end-point is identified using a string and depending on the transport internal representation of the end-point changes. In case of SoftAP+HTTP transport the end-point corresponds to URI whereas in case of BLE the end-point corresponds to GATT characteristic with specific UUID. Developers can create custom end-points and implement handler for the data that is received or sent over the same end-point.
 
+.. _provisioning_security_schemes:
+
 Security Schemes
 >>>>>>>>>>>>>>>>
 At present, unified provisioning supports the following security schemes:

docs/en/api-reference/system/efuse.rst

@@ -247,6 +247,8 @@ To write some fields into one block, or different blocks in one time, you need t
 
     FOR TESTING ONLY (NOT RECOMMENDED): You can ignore or suppress errors that violate encoding scheme data in order to burn the necessary bits in the eFuse block.
 
+.. _efuse_API:
+
 eFuse API
 ---------
 

docs/en/api-reference/system/esp_https_ota.rst

@@ -61,6 +61,8 @@ Advanced APIs
 Example that uses advanced ESP_HTTPS_OTA APIs: :example:`system/ota/advanced_https_ota`.
 
 
+.. _ota_updates_pre-encrypted-firmware:
+
 OTA Upgrades with Pre-Encrypted Firmware
 ----------------------------------------
 

docs/en/api-reference/system/ota.rst

@@ -60,6 +60,8 @@ If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is not enabled (by defaul
 
 An option in Kconfig :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` allows you to track the first boot of a new application. In this case, the application must confirm its operability by calling :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function, otherwise the application will be rolled back upon reboot. It allows you to control the operability of the application during the boot phase. Thus, a new application has only one attempt to boot successfully.
 
+.. _ota_rollback:
+
 Rollback Process
 ^^^^^^^^^^^^^^^^