Commit e6ba1790 authored by Valerie Aurora (Bow Shock)

Add "justify yourself" mitigation

parent a4a614c9
+21 −0
@@ -1241,6 +1241,27 @@ Use case: Every product that has multiple user privilege levels?
* Requirements: way to attempt configuration changes as unauthorized user, way to read error messages, way to compare configuration before and after
* Documentation: list of all security-relevant configuration items, source, description, output of tests, documentation on how to set up tests, read configuration

### 5.2.X **TR-MINI**: Minimize exposed interfaces

#### 5.2.X.1 Threat description

Threat: An interface unnecessary for the default functioning of the product is exposed and has a vulnerability.

#### 5.2.X.x **MI-JUST**: List and justify all exposed interfaces

Use case: Above a certain level of risk

* Mitigation: For every exposed interface to a security-relevant component, describe why it is necessary for default behavior
* Test: Use the following techniques to find interfaces and compare to the documentation:
  * Scan for open network ports
  * Try all syscall numbers
  * Enumerate /proc/sys
  * FIXME more
* Result: No undocumented interfaces
* Output: Documentation of interfaces, results of scans
* Requirements: Ability to enumerate interfaces on shipped product
* Documentation: Source, documentaition, output of tests

> Copy-n-paste mitigation format

### 5.2.X **TR-XXXX**:
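
Review bot: The Result line of MI-JUST ("No undocumented interfaces") only checks that each discovered interface is listed, not that it carries the justification the Mitigation line asks for, so an interface that is documented but not "necessary for default behavior" would still pass. Consider wording the Result as "No undocumented interfaces, and every listed interface has a justification". The Mitigation is also scoped to interfaces "to a security-relevant component" while the Test and Result cover all interfaces found by scanning; one of the two should be adjusted so they match. Smaller points in the same block: the Test list still ends with a "FIXME more" bullet, "Use case: Above a certain level of risk" does not say which level or how it is determined, the heading number "5.2.X.x" does not follow the "5.2.X.1" form used just above it, and "documentaition" in the Documentation line is a typo for "documentation".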