Add note about cloning the bucket for safety purposes

[villasv]

As I'm increasingly relying on updatable content outside the template (e.g. the metric lambda), it would be best if production deployments don't use this project's public bucket as it becomes a security threat to import and run unmanaged code.

[villasv]

After taking a look at other AWS Quick Starts that use lambda (e.g. https://github.com/aws-quickstart/quickstart-cloud9-ide), I've noticed that they have a CopyZipfiles lambda (inline on the template) that makes sure the zipfiles are copied to the account owner own buckets.

This solves the issue of control over the lambda packages, but the issue remains on the startup scripts, which could be eliminated if we use AMIs (#34).