Add TOCTOU to secure code guidelines

What does this MR do?

Describes the "time of check to time of use", some examples, and how to prevent / defend against it.

It also updates a bit about DNS rebinding, since that is one of the main TOCTOU bug classes we are currently seeing.

Consider taking the GitLab Technical Writing Fundamentals course.
Follow the:
Ensure that the product tier badge is added to topic's h1.
Request a review based on:
- The documentation page's metadata.
- The associated Technical Writer.

If you are only adding documentation, do not add any of the following labels:

These labels cause the MR to be added to code verification QA issues.

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If the content requires it, ensure the information is reviewed by a subject matter expert.
Technical writer review items:
- Ensure docs metadata is present and up-to-date.
- Ensure the appropriate labels are added to this MR.
- If relevant to this MR, ensure content topic type principles are in use, including:
  - The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
  - The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
  - Any task steps should be written as a numbered list.
  - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.
Ensure a release milestone is set.

Edited Feb 17, 2022 by Nick Malcolm

Assignee

Select assignees

Reviewers

Request review from

Time tracking