Add security.md and how to build custom repo-server from Dockerfile

[jessesuen]

@edlee2121 please review new security doc

[codecov-io]

Codecov Report

Merging #1078 into master will increase coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1078      +/-   ##
==========================================
+ Coverage   37.18%   37.22%   +0.03%     
==========================================
  Files          53       53              
  Lines        7683     7683              
==========================================
+ Hits         2857     2860       +3     
+ Misses       4400     4397       -3     
  Partials      426      426

Impacted Files	Coverage Δ
server/server.go	46.13% <0%> (+0.72%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e68fe35...7164a28. Read the comment docs.

[jessesuen]

Here is an easier view than the diff view.
https://github.com/jessesuen/argo-cd/blob/docs/docs/security.md

[edlee2121]

Great writeup!

[edlee2121]

It doesn't seem like the init container approach is any simpler since you have to build the init container.
Should we always recommend the BYOI approach?

[jessesuen]

No because in my example, I didn't have to build my container-- I got it off the shelf. I will change the example to use something like alpine so it's obvious the advantage of that approach..

[edlee2121]

Seems like many users forget to delete workflows.
Should we set ttlSecondsAfterFinished to a long default value?

[jessesuen]

For Argo CD v0.11, they should not forget because hooks are now visible from UI. We shouldn't choose for them.