docs: security.md use runnable examples for permissions and csp (#43248)

* docs: security.md use runnable examples for permissions and csp

Signed-off-by: LeUser111 <florian.wiedenmann@grob.de>

* Removed semi-colon for uniform js code style in examples

Signed-off-by: LeUser111 <florian.wiedenmann@grob.de>

* docs: security.md, session.md - added clarification on defaultSession, added csp example

* docs: security.md/session.md incorporated review feedback

* docs: security.md/session.md incorporated more review feedback

* docs: security.md/session.md incorporated more review feedback

* docs: tutorial/security.md - fixed linting issue

* chore: empty commit for CI

---------

Signed-off-by: LeUser111 <florian.wiedenmann@grob.de>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

docs/api/session.md

@@ -66,7 +66,7 @@ The `session` module has the following properties:
 
 ### `session.defaultSession`
 
-A `Session` object, the default session object of the app.
+A `Session` object, the default session object of the app, available after `app.whenReady` is called.
 
 ## Class: Session
 

docs/tutorial/security.md

@@ -299,7 +299,7 @@ const { session } = require('electron')
 const { URL } = require('node:url')
 
 session
-  .fromPartition('some-partition')
+  .defaultSession
   .setPermissionRequestHandler((webContents, permission, callback) => {
     const parsedUrl = new URL(webContents.getURL())
 
@@ -316,6 +316,8 @@ session
   })
 ```
 
+Note: `session.defaultSession` is only available after `app.whenReady` is called.
+
 ### 6. Do not disable `webSecurity`
 
 :::info
@@ -406,6 +408,8 @@ session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
 })
 ```
 
+Note: `session.defaultSession` is only available after `app.whenReady` is called.
+
 #### CSP meta tag
 
 CSP's preferred delivery mechanism is an HTTP header. However, it is not possible