Document the mitigation for the focus areas in SOC2

[bmarsh9]

The mitigations are currently empty for the SOC2 focus areas. Need to go through each one and write a sentence or two about how the user can achieve compliance.

Currently it is not a huge deal b/c your auditor will be the final judge... but it would still be a great thing to add.