Add security notes to BitMap demo page (#12405)

[msynk]

closes #12405

Summary by CodeRabbit

• Documentation
  • Added comprehensive security best practices to mapping services documentation, including guidance on token and key management through restriction strategies, URL allowlists, billing caps, per-environment tokens, recommended authentication methods like Entra ID, and asset scoping for Mapbox GL, ArcGIS Maps SDK, Azure Maps, and CesiumJS demo configurations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 349ee425-8328-42bc-b628-c651f67e9f30

📥 Commits

Reviewing files that changed from the base of the PR and between 3a9646c and d34c2fa.

📒 Files selected for processing (1)

• src/BlazorUI/Demo/Client/Bit.BlazorUI.Demo.Client.Core/Pages/Components/Extras/Map/BitMapDemo.razor

---

Walkthrough

This PR adds security guidance sections to four map provider demos in the BitMapDemo component. Each provider section now includes specific recommendations for token/key management, access restrictions, and authentication best practices to help developers secure their map implementations.

Changes

Map Provider Security Guidance

Layer / File(s)	Summary
Security guidance for map providers src/BlazorUI/Demo/Client/Bit.BlazorUI.Demo.Client.Core/Pages/Components/Extras/Map/BitMapDemo.razor	Four security guidance sections added: Mapbox GL recommends public token restrictions via URL allowlists and per-environment tokens; ArcGIS describes referrer restriction configuration; Azure Maps recommends Entra ID/SAS token auth with origin restrictions and usage alerts; CesiumJS advises dedicated tokens with scoped asset access and URL allowlisting.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🗺️ Four maps now whisper their secrets with care,
Token and key restrictions float through the air,
Mapbox, ArcGIS, Azure take the stage,
Security wisdom on every page,
Cesium ions glow with restricted might!
hops away

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add security notes to BitMap demo page' clearly and specifically describes the main change: adding security notes to the BitMap demo page, matching the file modifications.
Linked Issues check	✅ Passed	The PR successfully addresses issue #12405 by adding security notes to BitMap demo sections for all token/key-requiring providers (Mapbox, ArcGIS, Azure Maps, CesiumJS) with appropriate guidance.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to adding security notes in the BitMap demo file and are aligned with the objective of issue #12405; no extraneous modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds provider-specific security guidance to the BitMap demo page for map services that may require browser-visible tokens or API keys.

Changes:

• Adds Mapbox token handling and restriction guidance.
• Adds ArcGIS API key restriction guidance for non-OSM basemaps.
• Adds Azure Maps and Cesium token/key security notes.