Apply suggestions from code review

Co-authored-by: John Krug <[email protected]>
Signed-off-by: Víctor Cuadrado Juan <[email protected]>

Author: viccuad

docs/howtos/security-hardening/security-hardening.md

@@ -9,17 +9,16 @@ doc-type: [howto]
 doc-topic: [operator-manual, security]
 ---
 
-Kubewarden strives to be reasonable secure with little configuration, even
-acknowledging that security is a spectrum.
+Kubewarden strives to be secure with little configuration.
 In this section and its subpages you can find hardening tips (with their
 trade-offs) to secure Kubewarden itself.
 
 Please refer to our [threat model](../reference/threat-model) for more information.
 
 ### `kubewarden-defaults` Helm chart
 
-Operators can obtain a reasonable secure deployment by installing all the
-Kubewarden Helm charts. Particularly, it is recommended to install the
+Operators can obtain a secure deployment by installing all the
+Kubewarden Helm charts. It's recommended to install the
 `kubewarden-defaults` Helm chart and enable its recommended policies with:
 
 ```console
@@ -28,7 +27,7 @@ helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defa
   --set recommendedPolicies.defaultPolicyMode=protect
 ```
 
-This provides a default PolicyServer and default policies in protect mode to
+This provides a default PolicyServer and default policies, in protect mode, to
 ensure the Kubewarden stack is safe from other workloads.
 
 ### Verifying Kubewarden artifacts
@@ -37,7 +36,7 @@ See the [Verifying Kubewarden](../tutorials/verifying-kubewarden) tutorial.
 
 ### RBAC
 
-The Kubewarden RBAC configurations are described in the different
+Kubewarden describes RBAC configurations in different
 _Explanations_ sections. Users can fine-tune the needed permissions for the
 [Audit Scanner](../explanations/audit-scanner#permissions-and-serviceaccounts)
 feature, as well as [per Policy Server](../explanations/context-aware-policies)
@@ -51,32 +50,32 @@ kubectl get clusterroles,roles -A | grep kubewarden
 
 ### Per-policy permissions
 
-For context-aware policies, operators specify fine-graded permissions per
+For context-aware policies, operators specify fine-grained permissions per
 policy under its `spec.contectAwareResources`, and those work in conjuction
 with the Service Account configured for the Policy Server where the policy
 runs.
 
 ### Workload coverage
 
-By default, specific Namespaces are excluded from Kubewarden coverage. This is
+By default, Kubewarden excludes specific Namespaces from Kubewarden coverage. This is
 done to simplify first-time use and interoperability with other workloads.
 
 Security-conscious operators can tune these Namespaces list via the
-`.global.skipNamespaces` Value for both the `kubewarden-controller` and
+`.global.skipNamespaces` value for both the `kubewarden-controller` and
 `kubewarden-defaults` Helm charts.
 
 ### SecurityContexts
 
-Starting from 1.23, Kubewarden's stack is able to run inside of a Namespace
+Starting from 1.23, Kubewarden's stack is able to run in a Namespace
 where the [restricted
 Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted)
-is enforced, with current Pod hardening best practices.
+are enforced, with current Pod hardening best practices.
 
 The `kubewarden-controller` Helm chart configures the SecurityContexts and
-exposes it in its `values.yaml`.
+exposes them in its `values.yaml`.
 
 The `kubewarden-defaults` Helm chart allows for configuing the default Policy
 Server `.spec.securityContexts` under `.Values.policyServer.securityContexts`.
 
-For Policy Servers managed by operators, they can be configured via their
+For Policy Servers managed by operators, you can configure them via their
 [`spec.securityContexts`](https://docs.kubewarden.io/reference/CRDs#policyserversecurity).