Best Practices Document

[UlisesGascon]

This issue is just to keep tracking the work we've been doing in the Security WG. We've created a Best practices document targeting Node.js users.

This document intends to extend the current threat model and provide extensive guidelines (attacks explained, mitigations, etc..) on how to secure a Node.js application. It may change over releases.

Normally, the discussion around this document happens in the OpenJS Foundation slack (#nodejs-discussion-security-model and nodejs-security-wg). Feel free to contribute.