docs(adr): add security ADRs for Gatekeeper, Falco, and Trivy

- ADR-0040: OPA Gatekeeper policy framework (constraint templates,
  progressive enforcement, warn-first strategy)
- ADR-0041: Falco runtime threat detection (modern eBPF on Talos,
  Falcosidekick → Alertmanager integration)
- ADR-0042: Trivy Operator vulnerability scanning (5 scanners enabled,
  ARM64 scan job scheduling, Talos adaptations)
- Update ADR-0018: mark Falco as implemented, link to detailed ADRs
- Update README: add 0040-0042 to ADR table, update badge counts

decisions/0018-security-policy-enforcement.md

@@ -228,9 +228,17 @@ This is acceptable because Talos itself is security-hardened by design.
 
 1. **Move to `deny` enforcement** once baseline violations are resolved
 2. **Add network policies** via Cilium for workload isolation
-3. **Integrate Falco** for runtime threat detection
+3. ✅ **Falco integrated** — see [ADR-0041](0041-falco-runtime-threat-detection.md) for runtime threat detection
 4. **Add SBOM generation** with Trivy for supply chain visibility
 
+## Detailed Component ADRs
+
+| Component | ADR | Purpose |
+|-----------|-----|--------|
+| Gatekeeper | [ADR-0040](0040-opa-gatekeeper-policy-framework.md) | Policy templates, constraints, enforcement progression |
+| Falco | [ADR-0041](0041-falco-runtime-threat-detection.md) | Runtime threat detection, eBPF driver, Falcosidekick |
+| Trivy Operator | [ADR-0042](0042-trivy-operator-vulnerability-scanning.md) | Vulnerability scanning, compliance reports, Talos adaptations |
+
 ## References
 
 * [OPA Gatekeeper](https://open-policy-agent.github.io/gatekeeper/)