docs: fix stale nested SVCB zone example to flat draft-02 owner

The Tampering/Zone-Configuration example in security-considerations.md
still showed the legacy nested shape ($ORIGIN _agents.example.com. +
_network._mcp SVCB ...) — missed by the flat-FQDN migration. The same
file's other SVCB example (§2.1) is already flat. Update it to the
draft-02 flat owner (network.example.com via $ORIGIN example.com.),
protocol carried in alpn/bap not the FQDN.

(wire-format-01.abnf keeps the nested shape by design — it is the -01
reference; test fixtures keep nested as legacy back-compat data.)

Signed-off-by: Igor Racic <iracic82@gmail.com>

Author: iracic82

docs/rfc/security-considerations.md

@@ -61,11 +61,12 @@ async def discover_agent(fqdn: str) -> Agent:
 **Zone Configuration:**
 ```
 ; DNSSEC-signed zone file
-$ORIGIN _agents.example.com.
+$ORIGIN example.com.
 $TTL 3600
 
-; SVCB record with DNSSEC
-_network._mcp  SVCB 1 mcp.example.com. alpn="mcp" port=443
+; SVCB record at the flat agent owner (draft-02), with DNSSEC.
+; The protocol is carried in `alpn` (or `bap`), not the FQDN.
+network  SVCB 1 mcp.example.com. alpn="mcp" port=443
 
 ; RRSIG will be generated by DNSSEC signing process
 ```