Update Bounded_Deducibility_Security
- Generalise BD Security from I/O automata to nondeterministic transition systems, with the former retained as an instance of the latter (renaming locale BD_Security to BD_Security_IO)
- Generalise unwinding conditions to allow making more than one transition at a time when constructing alternative traces, giving more flexibility for unwinding strategies
- Add various helper lemmas and definitions
- Add results about the expressivity of declassification triggers vs. bounds, due to Thomas Bauereiss (added as author)