Improve security-related recommendations for DevTools' remote application support #18825

@wilkinsona

Description

We currently note that remote application support is a security risk, recommend the use of SSL and document the need to configure a secret. There are some problems with these recommendations:

  1. We do not offer any advice about what the secret should be
  2. An example of configuring the secret in the documentation encourages copy and paste
  3. Using SSL either requires a certificate signed by a trusted authority or the use of a self-signed certificate, which can be cumbersome when using a browser to access the application under development

The strongest recommendation should be that remote application support is only used on a trusted network. We should also recommend that the secret is unique to the application and hard to guess, so that it cannot be brute-forced. If the network cannot be trusted and there is a risk of a malicious actor, remote application support should either not be used, or SSL and a unique, hard-to-guess secret must be used.
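The following is an added example, not part of the issue above and not Spring Boot project code. It shows the two things the issue asks the documentation to recommend: generating a secret that is unique and hard to guess, and refusing the kind of placeholder value a reader would copy and paste. It assumes that the secret is configured through the `spring.devtools.remote.secret` property (Spring Boot's DevTools property; the issue does not name it) and that `mysecret` is the sort of placeholder a documentation example would use (an assumption, not quoted from any page). The properties file path is constructed for the example.

```shell
#!/bin/sh
# Added example: generate and vet a DevTools remote secret.

# 32 bytes from the kernel CSPRNG, hex-encoded: 64 characters, 256 bits of
# entropy, so it is unique to this application and not brute-forceable.
gen_devtools_secret() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Returns 0 if the secret is acceptable, 1 otherwise.
# Rejects empty values, well-known placeholders (the 'mysecret' entry is an
# assumed documentation-style example, not quoted from any page) and anything
# shorter than 32 characters, which is too small a space to resist guessing.
check_devtools_secret() {
    secret=$1
    case "$secret" in
        ""|mysecret|secret|password|changeme|secret123) return 1 ;;
    esac
    [ "${#secret}" -ge 32 ] || return 1
    return 0
}

# Writes the property into a file; refuses to write a weak secret.
# $1 = path to the properties file (constructed for this example), $2 = secret
write_devtools_properties() {
    path=$1
    secret=$2
    check_devtools_secret "$secret" || return 1
    {
        echo "# Only enable remote support on a trusted network; on an untrusted"
        echo "# network, use SSL together with this secret or do not enable it at all."
        echo "spring.devtools.remote.secret=$secret"
    } > "$path"
}

# Stand-alone usage: generate a secret and write it to a local properties file.
if [ "${1:-}" = "--write" ]; then
    write_devtools_properties "./application-local.properties" "$(gen_devtools_secret)"
fi
```

The weak configuration the issue warns about is `spring.devtools.remote.secret=mysecret` copied from an example; the corrected one is the same property holding a freshly generated value that no other application shares, written only after `check_devtools_secret` has accepted it.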
