This is a very high bar to meet.
Someone will get hurt if you’re not thorough, but you may know that already.
Jonah wrote an article which is a good starting point (see also: discussion thread) but no where near enough for your threat model.
I left some comments on Jonah’s article on GitHub (you may have to click “show resolved” to see some of those): https://github.com/privacyguides/privacyguides.org/pull/2860
You’ll also possibly want to speak & review with groups / orgs like Harvard BKC, Tor, Mozilla Fellows, Citizen Lab (Canada), etc