Clarify that DAG authors can also run code in DAG File Processor (#33920

)

* Clarify that DAG authors can also run code in DAG File Processor

Small addition to our security model - it was not entirely clear
that DAG authors can also execute code in DAG File Processor and
that DAG File Processor can be run in standalone mode effectively
physically separating machines where scheduler is run and where
the code modified by DAG authors gets parsed.


Co-authored-by: Ephraim Anierobi <splendidzigy24@gmail.com>

docs/apache-airflow/security/security_model.rst

@@ -41,9 +41,13 @@ varying access and capabilities:
    model.
 
 2. **DAG Authors**: They can upload, modify, and delete DAG files. The
-   code in DAG files is executed on workers. Therefore, DAG authors can create
-   and change code executed on workers and potentially access the credentials
-   that DAG code uses to access external systems. DAG Authors have full access
+   code in DAG files is executed on workers and in the DAG File Processor. Note
+   that in the simple deployment configuration, parsing DAGs is executed as
+   a subprocess of the Scheduler process, but with Standalone DAG File Processor
+   deployment managers might separate parsing DAGs from the Scheduler process.
+   Therefore, DAG authors can create and change code executed on workers
+   and the DAG File Processor and potentially access the credentials that the DAG
+   code uses to access external systems. DAG Authors have full access
    to the metadata database and internal audit logs.
 
 3. **Authenticated UI users**: They have access to the UI and API. See below