Update 6a3-2-1

Introduces a new data type for inferred control inputs to Sensors, and new direct relationships between IoT Things and their control inputs or sensed outputs. These are used to rationalise IoT construction patterns, simplify IoT threats, and eliminate some ambiguities over what Loss of Availability means in an IoT device.

Strictly speaking, this update may break backward compatibility with existing system models, because Loss of Availability is now more consistent with its definition for a Host, i.e., inability to run hosted Processes. This means a new behaviour 'PhysicalShutdown' is needed for Controllers, that represents halting (by physical means) of the associated physical process.

In practice, this only matters if existing system models assign an impact level to Loss of Availability for a Controller, and the level is based on the assumption that it means the physical process would also shut down. In such cases, this impact level should be specified for the new behaviour, and the level assigned to Loss of Availability adjusted appropriately.