In particular, can this document
specifically call out that a local network attacker can MITM all the
peers.

It already does, last sentence of the authentication section is:

Querying multiple nodes and combining their answers can be a partial solution to this, although as nothing authenticates the Bitcoin P2P network a man in the middle could still yield incorrect results

(If Mike would prefer, I can send a diff with proposed changes)

Yes please.