Update Threat Model with Blob Signing scenarios

[rgnote]

One of the scenario was discussed in https://github.com/notaryproject/specifications/pull/283#discussion_r1479399825 We need to update the threat model to call out that a signed blob artifact can be transformed as a signed OCI image and an adversary can lower the security of the hashing algorithm selected notation.