fix: clarify root auth rationale for cross-contract calls

Author: mootz12

docs/build/guides/auth/contract-authorization.mdx

@@ -252,7 +252,7 @@ To illustrate how to add authorization to a simple cross-contract invocation, we
 
 The invoking contract in the mentioned example contract creates a client for invoking the `add()` function in the addition contract. Let’s say we want the `add()` contract to be authorized by a user. Then, we need to pass the user to the `add()` contract function from the invoking function.
 
-Even though the invoking function may not require the user’s authorization, the `add()` function will panic if it encounters authorization not tied to the root/top contract invocation. Therefore, we need to use `require_auth()` on the user in the invoking function.
+Even though the invoking function may not require the user’s authorization, it's recommended to authorize the user at the entry point. Without that, the authorized inner `add()` call can be front-run by anyone without being wrapped in `add_with()`. Adding `require_auth()` at the entry point ensures that all the inner contract calls that are authorized on behalf of user will be executed atomically together with the entry point call. Therefore, we need to use `require_auth()` on the user in the invoking function.
 
 This is how the function looks: