compliance-trestle
Add documentation page to list assumptions made off of 800-53 / FedRAMP workflows.
Issue description / feature objectives
NIST 800-53 and FedRAMP are currently the only standards with officially released content for OSCAL; however, they are highly overlapping.
As a result we may be making presumptions based on NIST 800-53 based formulations, particularly the catalog and SSP, in our code.
One example would be that within a control the control prose is within `statement`, which is the only field that is required to describe control requirements.
Another example is that when considering a 'statement' to respond to in an SSP, you must respond individually either to one top-level statement or to its children, but not to its grandchildren parts.
When a major assumption based on NIST 800-53 or FedRAMP (or another standard) is hard coded into trestle, it would be good to have this documented in a centralised place.
This could also include forbidden names / other assumptions in trestle.
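The two assumptions named in the issue, written out as a small check so a reader can see what "hard coded" means in practice. This is an added example, not code from trestle or from the issue author; the control below is a constructed, minimal OSCAL-shaped dict (the `ac-1` identifiers and prose are illustrative, not copied from the NIST catalog), and the function names `statement_part`, `respondable_statement_ids` and `check_ssp_statements` are hypothetical. It reads the issue's "either ... or" as exclusive (respond to the top-level statement, or to its children, not both), which is an assumption made here.

```python
"""Encode two 800-53-style assumptions and check an SSP response against them.
Added example; not trestle's own code."""
from typing import Dict, List, Optional, Set

# Constructed, minimal OSCAL-shaped control (ids/prose are illustrative only).
CONTROL: Dict = {
    "id": "ac-1",
    "title": "Policy and Procedures",
    "parts": [
        {
            "id": "ac-1_smt",
            "name": "statement",          # assumption 1: requirements live here
            "parts": [
                {
                    "id": "ac-1_smt.a", "name": "item",
                    "prose": "Develop, document, and disseminate ...",
                    "parts": [           # grandchildren of the statement
                        {"id": "ac-1_smt.a.1", "name": "item", "prose": "An access control policy that ..."},
                        {"id": "ac-1_smt.a.2", "name": "item", "prose": "Procedures to facilitate ..."},
                    ],
                },
                {"id": "ac-1_smt.b", "name": "item", "prose": "Designate an official ..."},
            ],
        },
        {"id": "ac-1_gdn", "name": "guidance", "prose": "Access control policy and procedures address ..."},
    ],
}


def statement_part(control: Dict) -> Optional[Dict]:
    """Assumption 1: the control requirements are the part named 'statement'."""
    for part in control.get("parts", []):
        if part.get("name") == "statement":
            return part
    return None


def respondable_statement_ids(control: Dict) -> Set[str]:
    """Assumption 2: an SSP may respond to the top-level statement or to its
    direct children, never to grandchildren parts."""
    stmt = statement_part(control)
    if stmt is None:
        return set()
    ids = {stmt["id"]}
    ids.update(child["id"] for child in stmt.get("parts", []))
    return ids


def _all_part_ids(part: Dict) -> Set[str]:
    """Every part id under `part`, including `part` itself (recursive)."""
    ids = {part["id"]}
    for child in part.get("parts", []):
        ids |= _all_part_ids(child)
    return ids


def check_ssp_statements(control: Dict, statement_ids: List[str]) -> List[str]:
    """Return one diagnostic per statement-id an SSP response must not use.
    An empty list means the response respects both assumptions."""
    stmt = statement_part(control)
    if stmt is None:
        return [f"{control['id']}: no 'statement' part; cannot describe requirements"]
    allowed = respondable_statement_ids(control)
    known = _all_part_ids(stmt)
    problems: List[str] = []
    for sid in statement_ids:
        if sid in allowed:
            continue
        if sid in known:
            problems.append(f"{sid}: grandchild part; respond to its parent instead")
        else:
            problems.append(f"{sid}: not a statement part of {control['id']}")
    # Exclusive reading of the issue's "either ... or" (an assumption here):
    # do not mix the top-level statement with its children in one response.
    child_ids = allowed - {stmt["id"]}
    if stmt["id"] in statement_ids and child_ids & set(statement_ids):
        problems.append(f"{stmt['id']}: response mixes the top-level statement with its child parts")
    return problems


if __name__ == "__main__":
    for ids in (["ac-1_smt.a", "ac-1_smt.b"], ["ac-1_smt.a.1"], ["ac-1_gdn"]):
        print(ids, "->", check_ssp_statements(CONTROL, ids) or "ok")
```

Documenting an assumption like this next to the code that enforces it is the kind of entry the centralised page asked for above would hold; the check itself is only a few lines once the assumption is stated precisely.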