Add same origin policy to security guide

[msecret]

In order for 18F developers to have a practical understanding of what the same origin policy is and how to use it correctly, there should be a section in the security guide about it.

It should:

• [ ] Either include a link to information about output encoding, or written information.
• [ ] The guidance should include practical examples and information on how a team can actually continue this practice on a real team, including tools to use.
• [ ] The link should be reviewed by 18F security lead