Extra clarification for low trust only (pnp#1873)

* Extra clarification for low trust only

Added extra clarification that this works for low trust only as it can easily be missed when scanning the text

* Another indicator for low trust

Added low trust as a prerequisite as well

* Added SharePoint 2016 and 2019

This will work for SharePoint 2016 and 2019 on-premises as well, thus adding that too

Author: KoenZomers

Samples/Core.Services.Authenticate/README.md

@@ -8,10 +8,10 @@ This scenario shows how you can call Web API 2 services from low trust provider
 ### Applies to ###
 -  Office 365 Multi Tenant (MT)
 -  Office 365 Dedicated (D)
--  SharePoint 2013 on-premises
+-  SharePoint 2013/2016/2019 on-premises (low trust only)
 
 ### Prerequisites ###
-None
+- Low Trust OAuth set up on your environment (default for Office 365, needs manual setup for on-premises)
 
 ### Solution ###
 Solution | Author(s)
@@ -220,4 +220,4 @@ function getCookie(cname) {
 ### Testing ###
 This solution hardcodes https://bjansencorswebapi.azurewebsites.net as host for the cross domain call. If you want to test this then you'll need to deploy the Core.Services.Authenticate.WebAPI project to your host. Point is that you cannot test cross domain calls when testing on localhost.
 
-<img src="https://telemetry.sharepointpnp.com/pnp/samples/Core.Services.Authenticate" />
+<img src="https://telemetry.sharepointpnp.com/pnp/samples/Core.Services.Authenticate" />