DEVDOCS-3296: [update] add security best practices (#521)

<!-- Ticket number or summary of work -->
# [DEVDOCS-3296]


## What changed?
added security best practices 

## Release notes draft

* Added security requirements developers can implement while creating an
app. Now, you can deliver secure apps and keep clients safe.


## Anything else?
<!-- Add related PRs, salient notes, additional ticket numbers, etc. -->

ping {names}


[DEVDOCS-3296]:
https://bigcommercecloud.atlassian.net/browse/DEVDOCS-3296?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

docs/integrations/apps/guide/publishing.mdx

@@ -89,7 +89,13 @@ Review the information added before submitting the app.
 
 ## Submit your app for approval
 
-Ensure all information is complete, then click **Submit for Review** to pay the review and listing fee and submit the app. Test the app before submitting it to avoid paying additional review fees.
+Before submitting your app for approval, it is imperative to adhere to the recommended best practices listed below to ensure the integrity of the app marketplace and keep clients safe. 
+
+* Integrate with the [BigCommerce JS SDK](https://github.com/bigcommerce/checkout-sdk-js) for Java-based apps. The SDK effectively allows management of the user’s session, keeping it in sync with the control panel.
+* At a minimum, design apps to be cookieless (to comply with Chrome and Safari privacy/ security policies) and instead use JWTs to pass information.
+* Never pass sensitive data using query parameters.
+
+After completing all information, then click **Submit for Review** to pay the review and listing fee and submit the app. Test the app before submitting it to avoid paying additional review fees.
 
 ![Payment & Submission](https://storage.googleapis.com/bigcommerce-production-dev-center/Big%20Design%20Docs/Payment%20%26%20Submission.png "Payment & Submission")