Masterkey is not required and should not be available on client side #473

@nstrelow

I just learned today that the Masterkey is only required for changing ACLs. I changed the key and my app was still working. Had a project for 6 months with Masterkey defined in the client app. Luckily not a production app.

Parse Server Readme: https://github.com/parse-community/parse-server#basic-options

The master key to use for overriding ACL security. You can use any arbitrary string. Keep it secret! For migrated apps, this should match your hosted Parse app.

Parse Client JS SDK Docs: https://docs.parseplatform.org/js/guide/

⚠️ If the Masterkey needs to be provided, use the following. Please note that the master key should only be used in safe environments and never on client side ‼️

Maybe we should add a similar strong disclaimer to our Readme?
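
One way to catch this in a client repository before it ships, as an added example that is not part of the original issue or of any Parse SDK: a small Node.js check that flags master key use in client-side sources. The file paths, sample sources and key value are constructed; `masterKey`, `useMasterKey` and `X-Parse-Master-Key` are the names the Parse JS SDK and REST API use.

```javascript
// Added example: flag Parse master key usage in client-side source files.
// Name-based rules catch the API surface; the optional literal check catches
// the key value itself, e.g. when it is passed positionally to Parse.initialize.
const MASTER_KEY_PATTERNS = [
  { id: "masterKey-assignment", re: /\bmasterKey\b\s*[:=]/ }, // masterKey: "..." / Parse.masterKey = "..."
  { id: "useMasterKey", re: /\buseMasterKey\b/ },             // { useMasterKey: true }
  { id: "rest-header", re: /X-Parse-Master-Key/i },           // hand-written REST calls
];

// files: [{ path, text }]; secretValue: the server's real master key, if the
// CI job has access to it (optional).
function findMasterKeyUse(files, secretValue) {
  const findings = [];
  for (const { path, text } of files) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const { id, re } of MASTER_KEY_PATTERNS) {
        if (re.test(line)) findings.push({ path, line: i + 1, rule: id });
      }
      if (secretValue && line.includes(secretValue)) {
        findings.push({ path, line: i + 1, rule: "literal-secret" });
      }
    });
  }
  return findings;
}

// Constructed sample input: four client files and a made-up key value.
const SAMPLE_SECRET = "constructed-master-key";
const SAMPLE_FILES = [
  { path: "client/src/init.js",
    text: 'Parse.initialize("myAppId", "myJsKey", "constructed-master-key");' },
  { path: "client/src/todos.js",
    text: 'const q = new Parse.Query("Todo");\nq.find({ useMasterKey: true });' },
  { path: "client/src/api.js",
    text: 'fetch(url, { headers: { "X-Parse-Master-Key": key } });' },
  { path: "client/src/ok.js",
    text: 'Parse.initialize("myAppId", "myJsKey");' },
];

// Print one line per finding, in the path:line form editors can jump to.
for (const f of findMasterKeyUse(SAMPLE_FILES, SAMPLE_SECRET)) {
  console.log(`${f.path}:${f.line} ${f.rule}`);
}
```

A CI job can fail the build when the returned list is non-empty; any key that has already shipped in a client build should be rotated on the server.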
