erlef / security-wg

Repo for the Security Working Group
https://erlef.github.io/security-wg/

Add Secure Coding and Deployment Hardening draft #8

Closed voltone closed 4 years ago

max-au commented 4 years ago

Seems like a good start to me too. I wonder if we can make any recommendation about tracking adherence to these guidelines. Not necessarily mentioning software or libraries, but at least some information.

voltone commented 4 years ago

What do you mean @max-au? Static analysis tools that can flag potential issues?

On Elixir there's Credo and SoBelow, both mentioned in the Resources chapter. Not sure there is all that much on the Erlang side. I guess it would be possible to build something on top of xref that can flag usage of string_to_atom and os:cmd, and wrap that in a Rebar3 plugin.

But in general I like to think of Secure Coding and Static Analysis as two separate stages in an SDLC. Secure Coding is more about awareness, about developing an intuition for a developer to stop typing and look up the best way to do something. Static analysis can catch some of the same issues, but its main strength is data flow analysis. I'll elaborate on that in my talk next week...
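An added example of the xref idea from the comment above (my code, not part of the PR or the repository): it lists every call edge into `os:cmd/1` and the atom-conversion BIFs `list_to_atom/1` and `binary_to_atom/2` across a directory of compiled `.beam` files. The module name, the registered xref server name `scanner`, and the ebin path in the usage comment are assumptions.

```erlang
%% Added example, not from the PR: flag call sites of os:cmd/1 and the
%% atom-conversion BIFs with xref. Usage (path is a placeholder):
%%   unsafe_calls:scan("_build/default/lib/myapp/ebin").
-module(unsafe_calls).
-export([scan/1, flagged/0]).

%% Functions a reviewer wants to see every caller of, as {Module, Function, Arity}.
flagged() ->
    [{os, cmd, 1},
     {erlang, list_to_atom, 1},
     {erlang, binary_to_atom, 2}].

%% Returns the list of {Caller, Callee} edges whose Callee is in flagged/0,
%% and prints one line per edge. Caller/Callee are {M, F, A} tuples.
scan(EbinDir) ->
    {ok, _Pid} = xref:start(scanner),
    %% builtins must be true, otherwise xref drops calls to BIFs such as
    %% list_to_atom/1 from the call graph entirely.
    ok = xref:set_default(scanner, [{builtins, true},
                                    {warnings, false},
                                    {verbose, false}]),
    try
        {ok, _Modules} = xref:add_directory(scanner, EbinDir),
        %% In the xref query language "E || Funs" selects the call edges
        %% whose target is one of Funs; ~w keeps the constant on one line.
        Query = lists:flatten(io_lib:format("E || ~w", [flagged()])),
        {ok, Edges} = xref:q(scanner, Query),
        lists:foreach(
          fun({{M, F, A}, {TM, TF, TA}}) ->
                  io:format("~p:~p/~p calls ~p:~p/~p~n", [M, F, A, TM, TF, TA])
          end, Edges),
        Edges
    after
        xref:stop(scanner)
    end.
```

Wrapping `scan/1` in a Rebar3 provider, as the comment suggests, would turn the returned edge list into a non-empty-means-fail check in CI.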

voltone commented 4 years ago

Merging this without linking from the main page, for now, to make it easier to review the rendered pages.