fix navigation links and include Serving > App Security link to Administration page (#6475)

Author: dprotaso

docs/versioned/.nav.yml

@@ -102,6 +102,7 @@ nav:
           - Configuring Activator capacity: serving/load-balancing/activator-capacity.md
       # Serving - Application Security
       - Application security:
+        - Secure Pod Defaults: serving/app-security/secure-pod-defaults.md
         - Security Guard: serving/app-security/security-guard.md
       # Serving - observability
       - Observability:
@@ -275,7 +276,7 @@ nav:
           - Configure gradual rollout of traffic to Revisions: serving/configuration/rolling-out-latest-revision-configmap.md
           - Config Revision Garbage Collection: serving/revisions/revision-admin-config-options.md
           - Configure the Defaults ConfigMap: serving/configuration/config-defaults.md
-          - Secure Pod Defaults: serving/app-security/secure-pod-defaults.md
+          - Secure Pod Defaults: serving/configuration/secure-pod-defaults.md
           - Serving encryption configuration:
             - Overview: serving/encryption/encryption-overview.md
             - Configure cert-manager integration: serving/encryption/configure-certmanager-integration.md

docs/versioned/serving/app-security/secure-pod-defaults.md

@@ -0,0 +1,12 @@
+---
+audience: developer
+components:
+  - serving
+function: how-to
+---
+
+Knative Serving provides a `secure-pod-defaults` configuration option that  allows operators to default Service configuration to run in the Kubernetes [restricted](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted) Pod Security Standard profile without requiring application developers to explicitly set security properties. 
+
+These settings are controlled by operators so please refer to the [administration documentation](/docs/serving/configuration/secure-pod-defaults).
+
+

docs/versioned/serving/configuration/secure-pod-defaults.md

@@ -21,7 +21,7 @@ Knative Serving provides a `secure-pod-defaults` configuration option that  allo
 
 ## Key Features
 
-### **Progressive Security Hardening**
+### Progressive Security Hardening
 When `root-allowed` is configured:
 security settings only apply if the field is not set -- if it is explicitly set to any value, it's assumed to be intentional, and not modified.
 - Sets `allowPrivilegeEscalation` to `false`
@@ -35,7 +35,7 @@ When `enabled` is configured:
 - All of the above, PLUS
 - Sets `runAsNonRoot` to `true` if not already specified
 
-### **Respects User Intent**
+### Respects User Intent
 - Only applies defaults when values are not explicitly set by users
 - Never overrides user-specified security contexts