forked from rails/rails
Commit cd8ecdb
[RF-DOCS] Action Controller Overview and Advanced Topics Guides [ci-skip] (rails#53551)
This Pull Request updates the Action Controller Overview Rails Guide, as well as creates a new guide called "Action Controller Advanced Topics".
- [X] JSON Parameters mentions setting config.wrap_parameters in an initializer, but I think the right configuration is now [config.action_controller.wrap_parameters_by_default](https://edgeguides.rubyonrails.org/configuring.html#config-action-controller-wrap-parameters-by-default). Maybe that could be turned into a subsection as well, so it's clearer it's a related thing.
- [X] Composite Key params should probably link to the composite guide. It should probably use the same "clients" example the guide has been using so far. extract_value should link to the API.
- [X] Strong Parameters should link to the API.
- [X] Explaining cookies before sessions might make sense for a better flow of the guide, since sessions are based on cookies (at least the default / most commonly used)
- [X] Maybe the session section could be reorganized a bit, to start with explaining what it is and how to use it (accessing the session subsection), and then moving on to configuring it. This is an overview guide, so you need to learn how to use the thing before needing to change how it works. (thus configuring stuff could likely be pushed to a subsection instead.)
- [X] We show an example of user login under the session section, and mention reset_session as a way to reset the whole session. However, it's recommended to [use reset_session after logging in as a way to prevent session fixation attacks, as explained in the security guide](https://edgeguides.rubyonrails.org/security.html#session-fixation-countermeasures). I think the example should include that, to be more complete and safe by default, just in case people use it as a base for their auth implementation.
- [X] When explaining about the flash, we mention that anything can be passed, but a few lines above we show an example about displaying all contents of the flash... I've been bitten by that in the past, displaying something that's not a notice or alert, perhaps we should add some extra copy that mentions to avoid it? Or the example that displays the messages could filter just notice/alert.
- [X] The rendering section has an example originally taken from scaffold, but I don't think that reflects the current state of it... it's probably alright to use an example with respond_to there, but maybe not mentioning via scaffold.
- [X] If we create a new Action Controller Rendering of sorts guide as mentioned in [Action Controller Responses -> Action View rendering (needs naming) - Documentation Updates](https://3.basecamp.com/3076981/buckets/35498807/todos/7082286966), this is where we could link to with more info, and expand on how to use respond_to and formats, as I don't think that's explained anywhere.
- [X] Around filter transaction example can be simplified to omit the begin..end (ensure in blocks now work)
- [X] The request forgery protection might be a bit too much for this overview guide, and it doesn't talk about anything that's controller specific, other than mentioning it's there... if we keep it, we could at least link to the API guides on the topic, and maybe mention protect_from_forgery.
- [X] Also the form_authenticity_token paragraph seems to indicate an example but adds another somewhat duplicate paragraph afterwards, felt confusing.
- [X] Streaming seems another topic that's kinda advanced for an "overview"... maybe the whole downloads section.
Co-authored-by: Harriet Oughton <[email protected]>
Co-authored-by: Ridhwana <[email protected]>
Co-authored-by: Petrik de Heus <[email protected]>
Co-authored-by: JD Gonzales <[email protected]>
Co-authored-by: Shannon Skipper <[email protected]>

1 parent 2f571a5 commit cd8ecdb
3 files changed (+1426, -845 lines) in guides/source