docs: full-page sentence-case sweep across 5 worst-offender pages

- channels/msteams: 8 H2/H3 (Federated Authentication, Local Development, Known Limitations, Reply Style, Presentation Cards, Private Channels, etc.)
- auth-credential-semantics: 4 H2 (Stable Probe Reason Codes, Token Credentials, Explicit Auth Order Filtering, Probe Target Resolution)
- tools/browser: preserve brand-named headings (Browserless, WebSocket CDP, Chrome MCP, Control API, Brave); minor cleanup
- security/CONTRIBUTING-THREAT-MODEL: 4 H2/H3 (What We Use, Risk Levels, Review Process; Threat IDs preserved as branded label)
- gateway/multiple-gateways: 4 H2 (Best Recommended Setup, Why This Works, General Multi-Gateway Setup, Isolation Checklist)

docs/security/CONTRIBUTING-THREAT-MODEL.md

@@ -39,7 +39,7 @@ Attack chains show how multiple threats combine into a realistic attack scenario
 
 Typos, clarifications, outdated info, better examples - PRs welcome, no issue needed.
 
-## What We Use
+## What we use
 
 ### MITRE ATLAS
 
@@ -62,7 +62,7 @@ Each threat gets an ID like `T-EXEC-003`. The categories are:
 
 IDs are assigned by maintainers during review. You don't need to pick one.
 
-### Risk Levels
+### Risk levels
 
 | Level        | Meaning                                                           |
 | ------------ | ----------------------------------------------------------------- |
@@ -73,7 +73,7 @@ IDs are assigned by maintainers during review. You don't need to pick one.
 
 If you're unsure about the risk level, just describe the impact and we'll assess it.
 
-## Review Process
+## Review process
 
 1. **Triage** - We review new submissions within 48 hours
 2. **Assessment** - We verify feasibility, assign ATLAS mapping and threat ID, validate risk level