pivotal / docs-tas-adapter


:pencil2: Add commentary on OpenShift SCC creation #121

Closed conzetti closed 1 year ago

conzetti commented 1 year ago

TL;DR

Detail

The `restricted` and `restricted-v2` SCCs use the `MustRunAsRange` strategy for constraining and defaulting the possible values of the `securityContext.runAsUser` field. The admission plug-in will look for the `openshift.io/sa.scc.uid-range` annotation on the current project to populate range fields, as it does not provide this range. In the end, a container will have `runAsUser` equal to the first value of the range, which is hard to predict because every project has different ranges.
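
The defaulting and range check described in the comment above, as an added example that is not part of the original thread and is not OpenShift's own code. It is a simplified model: the function names are hypothetical, the annotation value is assumed to use the `<start>/<size>` form, and the sample project ranges are constructed.

```python
"""Simplified model of MustRunAsRange resolving runAsUser from a project's
openshift.io/sa.scc.uid-range annotation. Illustration only, not OpenShift code."""
from typing import Optional, Tuple

UID_RANGE_ANNOTATION = "openshift.io/sa.scc.uid-range"


def parse_uid_range(value: str) -> Tuple[int, int]:
    """Parse '<start>/<size>' (assumed form) into an inclusive (min, max) pair."""
    start_s, sep, size_s = value.partition("/")
    if not sep:
        raise ValueError(f"expected '<start>/<size>', got {value!r}")
    start, size = int(start_s), int(size_s)
    if start < 0 or size < 1:
        raise ValueError(f"invalid range {value!r}")
    return start, start + size - 1


def resolve_run_as_user(annotations: dict, requested: Optional[int]) -> int:
    """Return the UID a container would get, or raise if it would be rejected."""
    if UID_RANGE_ANNOTATION not in annotations:
        raise LookupError("project has no uid-range annotation to populate the range")
    lo, hi = parse_uid_range(annotations[UID_RANGE_ANNOTATION])
    if requested is None:
        return lo  # defaulting: the first value of the project's range
    if not lo <= requested <= hi:
        raise PermissionError(f"runAsUser {requested} is outside [{lo}, {hi}]")
    return requested


# Constructed sample projects; the range values are made up for illustration.
PROJECT_A = {UID_RANGE_ANNOTATION: "1000650000/10000"}
PROJECT_B = {UID_RANGE_ANNOTATION: "1000710000/10000"}

if __name__ == "__main__":
    # Same pod spec, different project: the defaulted UID differs.
    for name, project in (("project-a", PROJECT_A), ("project-b", PROJECT_B)):
        print(name, "default runAsUser:", resolve_run_as_user(project, None))
    # A UID hardcoded in a manifest falls outside the project's range.
    try:
        resolve_run_as_user(PROJECT_A, 1000)
    except PermissionError as exc:
        print("rejected:", exc)
```
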

cf-gitbot commented 1 year ago

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this GitHub issue will be updated when the story is started.

HenryBorys commented 1 year ago

@conzetti Should this be cherry-picked to any other versions?