Harden pipeline pull-request promotions security documentation and re…

…commendations (#3540)

* extending token protection

* extending security section for pull requests with greater e2e detail and verification

* updated review token point and typos along the document fixed

* WIP tweak language (squash into previous)

This is Eneko and Michael going through together and refining some of the points.

* added policy snippets for each of the mentioned policies to provide more guidance to users.

* More WIP tweaking

* updated to use good practices policy library resources

* Refactored policy section adding link to policy library for both rbac good practices and workload escalation.

* using policy config for pipeline ns workload escalation

* added policy config for managing exclusions and workload escalation paths

* Accepted review suggestion

Co-authored-by: Michael Bridgen <[email protected]>

* Added HMAC link for better understanding

Co-authored-by: Michael Bridgen <[email protected]>

* typo fixed

Co-authored-by: Michael Bridgen <[email protected]>

* rewording for more natural reading

Co-authored-by: Michael Bridgen <[email protected]>

* updated verify security resources to use main branch after PR was merged

* Review rewording to enhance readability and understanding.

Co-authored-by: Michael Bridgen <[email protected]>

* added info on what to do when there is no direct access to the policy library by a customer.

* allow-flux policyconfig aligned after policy library review

* backport to the latest release

---------

Co-authored-by: Michael Bridgen <[email protected]>