Clarify our policy on secrecy vs. transparency

We have a bunch of areas in bad-relay land where we opted for (partial) secrecy compared to our default transparency (e.g. when listing the rejected fingerprints per month in our wiki or when developing scanners or parts of them in private repo).

We'd benefit from written down the general policy on secrecy vs. transparency that explains how we drew and draw the line in different network-health areas (such as those two above).