Add information on security

[nuest]

Add a "Security considerations" section to the spec?

Or at least document in the developer guide: Why are ERC not a security risk?

Take a look at https://tools.ietf.org/html/draft-kunze-bagit-14#section-6

Reasons:

• the spec prohibits use of EXPOSE
• the containers are only executed without external network access using Network: none, see Docker CLI run documentation