Fix typo in security.md (#1768)

Original: It means *than* for `PUT` or `PATCH` requests, ...
Fixed: It means *that* for `PUT` or `PATCH` requests

Author: jay-low

core/security.md

@@ -111,7 +111,7 @@ Available variables are:
 * `request` (only at the resource level): the current request
 
 Access control checks in the `security` attribute are always executed before the [denormalization step](serialization.md).
-It means than for `PUT` or `PATCH` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md).
+It means that for `PUT` or `PATCH` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md).
 
 ## Executing Access Control Rules After Denormalization