Open ben-sagar opened 4 years ago
I still feel it's very general advice that sometimes dips into specifics. For example:
"mitigate the risks of XSS and XSI attacks"
That's great, but I'd ideally like some examples (or pointers to) of how to do this in client-side JavaScript if we are specifying these. It seems actually to be more an opener to being aware of OWASP and the issues it lists. If that's the case then we should say just that and not get into specifics.
The point about testing: anyone building a web site, whatever the tech, should be testing with BrowserStack, but also for things like accessibility. Again, that seems very general and not specific to client-side JavaScript.
Finally, I'd appreciate a clearer context for statements like "Validate inputs on the client and the server". Does this just apply if you are writing client-side JavaScript? Or to anyone building a web app?
Following discussion on the JavaScript standard, that has now been distilled down to just using Standard JS, so I've moved this guidance into a separate branch.
This PR is to discuss whether we are still happy to have this information in just as guidance.