
@ofri-peretz

Summary

Adds a comprehensive Security Best Practices guide to the node-postgres documentation, covering common security pitfalls and how to prevent them.

Contributing Guidelines Compliance

Per the README Contributing section:

  • Has tests - N/A (documentation only)
  • Looks reasonable - Standard security documentation
  • Does not break backwards compatibility - Documentation addition only

What's Added

New file: docs/pages/guides/security.md

Topics Covered:

  1. SQL Injection Prevention - Parameterized queries with code examples
  2. Connection Pool Management - Proper client.release() patterns
  3. Transaction Safety - Single client for transactions
  4. COPY FROM Security - Path traversal prevention

Each section includes:

  • ❌ Dangerous pattern (what NOT to do)
  • ✅ Safe pattern (correct approach)
  • CWE reference for further reading

Static Analysis Tools Section

The guide also recommends eslint-plugin-pg as a static analysis tool to catch these issues at development time.

Disclosure: I am the author of eslint-plugin-pg. The recommendation is disclosed transparently and the tool is genuinely useful for node-postgres users.

Why This Matters

Security is not currently covered in the node-postgres documentation. This guide helps developers avoid common mistakes that lead to:

  • SQL injection vulnerabilities (CWE-89)
  • Connection pool exhaustion (CWE-772)
  • Transaction race conditions (CWE-362)

Preview

The guide follows the existing documentation style and integrates with the current navigation structure.
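The three pool and query patterns the PR description lists (parameterized queries, releasing a checked-out client, and running a transaction on a single client), as an added example that is not part of the PR or of node-postgres itself; `FakePool` is a constructed stand-in for `pg.Pool` so the code runs without a database, and the helper names are hypothetical:

```javascript
// Constructed stand-in for pg.Pool: records every query with the id of the
// client that ran it and tracks how many clients are still checked out.
class FakePool {
  constructor() { this.created = 0; this.checkedOut = 0; this.log = []; }
  async connect() {
    const id = ++this.created;
    this.checkedOut++;
    return {
      query: async (text, values = []) => { this.log.push({ id, text, values }); return { rows: [] }; },
      release: () => { this.checkedOut--; },
    };
  }
}

// Dangerous: user input becomes part of the SQL text (CWE-89).
function findUserUnsafe(email) {
  return { text: `SELECT id FROM users WHERE email = '${email}'`, values: [] };
}

// Safe: the input travels as a bound value; the SQL text never changes.
function findUserSafe(email) {
  return { text: 'SELECT id FROM users WHERE email = $1', values: [email] };
}

// Safe: release in finally, so a throwing callback cannot leak a client (CWE-772).
async function withClient(pool, fn) {
  const client = await pool.connect();
  try {
    return await fn(client);
  } finally {
    client.release();
  }
}

// Safe: BEGIN, the work, and COMMIT/ROLLBACK all run on the same client;
// issuing them through pool.query() could spread them over different
// connections and silently break the transaction (CWE-362).
async function withTransaction(pool, fn) {
  return withClient(pool, async (client) => {
    await client.query('BEGIN');
    try {
      const result = await fn(client);
      await client.query('COMMIT');
      return result;
    } catch (err) {
      await client.query('ROLLBACK');
      throw err;
    }
  });
}
```

With a real `pg.Pool` the helpers are called the same way; only the stand-in class is replaced.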

@charmander charmander closed this Jan 3, 2026
@ofri-peretz
Author

Hi @charmander, why did you close the PR? Did I do something wrong?

@charmander
Collaborator

charmander commented Jan 3, 2026

low-quality, AI-generated, and basically spam despite the disclosure

@ofri-peretz
Author

Can you guide me through what I should do, @charmander? What is the missing quality? I would like to learn and provide a better one.

@charmander
Collaborator

No, I’m not going to spend that kind of disproportionate effort on this.

Repository owner locked as spam and limited conversation to collaborators Jan 3, 2026