
Commit a4e744c

bradymiller and claude authored
docs(kubernetes): frame README for starting-point and distributed-deployment audiences (#702)
## Summary

- Restructures `kubernetes/README.md` so it explicitly serves two related goals: a working OpenEMR starting point on Kubernetes, and a reference for the security primitives needed when components are deployed across trust boundaries (different clusters, VPCs, or over the public internet).
- Moves the **Use** section directly after **Overview** so readers can try the stack immediately without scrolling past architecture content.
- Adds **Security Architecture** — per-layer threat model covering MariaDB / Redis mTLS (what each property protects, where it's load-bearing vs. defense-in-depth), the NFS shared-volume in-transit gap, at-rest storage status, secrets management, and network policies.
- Adds **Production Hardening** — encryption-at-rest options per cloud (AWS / GCP / Azure / on-prem), MariaDB Transparent Data Encryption (TDE) recipe using the built-in `file_key_management` plugin, CNI-level WireGuard guidance for the NFS in-transit gap, and a production checklist.
- Drops half-supported minikube references in favor of focused Kind instructions; "other distributions can be substituted by users familiar with their networking and storage models" remains as a note.
- Updates the base `README.md` summary line to name both purposes ("Working starting point with mTLS, Redis Sentinel failover, multi-node support; also serves as a reference for secure distributed deployments").

No code or manifest changes — documentation only.

## Test plan

- [ ] Render `kubernetes/README.md` on GitHub and verify section navigation flows: Overview → Use → Security Architecture → Connection Security → Production Hardening
- [ ] Confirm existing operational instructions (kub-up, scaling, sentinel failover, kub-down) are preserved verbatim
- [ ] Verify the existing Connection Security downgrade paths (MariaDB / Redis mTLS → TLS → TCP) are unchanged
- [ ] Verify the base `README.md` Kubernetes link still resolves to `kubernetes/`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 721da6e commit a4e744c

2 files changed

Lines changed: 178 additions & 48 deletions


README.md

Lines changed: 1 addition & 1 deletion
@@ -20,7 +20,7 @@ OpenEMR administration and deployment tooling
2020
### Deployment Options
2121

2222
* [Ubuntu Installer](packages/appliance): Launch OpenEMR on any Ubuntu 24.04 instance
23-
* [Kubernetes](kubernetes): OpenEMR Kubernetes orchestration with mTLS, Redis Sentinel failover, and multi-node support
23+
* [Kubernetes](kubernetes): OpenEMR Kubernetes orchestration. Working starting point with mTLS, Redis Sentinel failover, multi-node support; also serves as a reference for secure distributed deployments
2424
* [Raspberry Pi](raspberrypi): Install OpenEMR Docker on Raspberry Pi (supports ARMv8 infrastructure)
2525

2626
### Installations for Amazon Web Services
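
Review bot: on the added line 23, "also serves as a reference for secure distributed deployments" is stated without qualification in the top-level summary, while the commit message says `kubernetes/README.md` documents an NFS shared-volume in-transit gap and places encryption at rest under Production Hardening. Suggest wording that does not imply the default manifests are secure as shipped, for example "reference for the security primitives needed in distributed deployments", which matches the commit message's own phrasing. The bullet is also now two fragments and drops the "and" before "multi-node support", unlike the single-clause Ubuntu and Raspberry Pi entries beside it; a single sentence would keep the list consistent.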
