Document threat-model considerations for using kms-secrets

[explorigin]

There are two use-cases for kms-secrets:

1. deploy-time secrets
2. run-time secrets

Document when you would want to use each.