* Add clarifications around read-only operations and enabling download only flag to avoid 'upload' errors to read only system * Update USAGE.md to reflect added config options
* Add option to request readonly access in oauth authorization step * Add application-security.md to document application security