Start document with security recommendations

[antoninbas]

At the moment, the document discusses how to restrict access from Pods
to the OVSDB file persisted on each Node's filesystem.

[antrea-bot]

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

• /test-e2e: to trigger e2e tests.
• /skip-e2e: to skip e2e tests.
• /test-conformance: to trigger conformance tests.
• /skip-conformance: to skip conformance tests.
• /test-whole-conformance: to trigger all conformance tests on linux.
• /skip-whole-conformance: to skip all conformance tests on linux.
• /test-networkpolicy: to trigger networkpolicy tests.
• /skip-networkpolicy: to skip networkpolicy tests.
• /test-windows-conformance: to trigger windows conformance tests.
• /skip-windows-conformance: to skip windows conformance tests.
• /test-windows-networkpolicy: to trigger windows networkpolicy tests.
• /skip-windows-networkpolicy: to skip windows networkpolicy tests.
• /test-hw-offload: to trigger ovs hardware offload test.
• /skip-hw-offload: to skip ovs hardware offload test.
• /test-all: to trigger all tests (except whole conformance).
• /skip-all: to skip all tests (except whole conformance).

[codecov-commenter]

Codecov Report

Merging #1296 into master will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1296      +/-   ##
==========================================
- Coverage   54.40%   54.39%   -0.02%     
==========================================
  Files         115      115              
  Lines       10807    10807              
==========================================
- Hits         5880     5878       -2     
- Misses       4353     4354       +1     
- Partials      574      575       +1     

Flag	Coverage Δ
#integration-tests	44.95% <ø> (ø)
#unit-tests	41.46% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/apiserver/storage/ram/store.go	77.44% <0.00%> (-1.51%)	⬇️

[abhiraut]

wonder what the scope of this document will be going further? best practices? or only security related? if former then shall we name it best-practices.md?

[antoninbas]

@abhiraut probably just security related, that's how I envision it

A bit like https://kubernetes.io/docs/concepts/security/

[abhiraut]

@abhiraut probably just security related, that's how I envision it

A bit like https://kubernetes.io/docs/concepts/security/

nice.. i had not seen the 4Cs of security before.

[antoninbas]

/skip-all