Docs: Description of auth token sending patterns may be incorrect

[verythorough]

Based on some troubleshooting with a partner, @bettse identified a section of the repo README that seems to be incorrect:

Under "Registering your add-on", I believe this is inaccurate:

All requests from Netlify to your add-on’s management API will contain an X-Nf-Sign authorization header. You can verify request are coming from Netlify by verifying the X-Nf-Sign header against your add-on secret.

I think that requests to the add-on's management API have the Authorization header with bearer {service secret}, and that the NON-management API requests (those that we proxy from /.netlify/{service slug}) are the ones with the x-nf-sign header.

While in there, it would be helpful to do a pass to check for broken links (for example, Eric noted the 'Getting started' link under https://github.com/netlify/addons#verification-with-jws).

[erezrokah]

Moving this to icebox per a decision to invest more time in addons.
Please comment if you feel otherwise