Improve auth state provider guidance

[guardrex]

Fixes #31496

@surayya-MS ... Ignore my ping. I just found out that you joined a different team.

Thanks @PMcVries! 🚀 ... This isn't the end of the story. There's a lot more work to do on BWA security. This at least calls out Surayya's suggestion to take an approach similar to what the BWA template does. I have a tracking work item separate from your issue to work further on this node of docs, and I'll get to it as soon as I can 🏃‍♂️🏃‍♂️🏃‍♂️🏃‍♂️🏃‍♂️🏃‍♂️🏃‍♂️🏃‍♂️.

Mackinnon, I stole 🚓👮 Surayya's remarks from dotnet/aspnetcore#52317 (comment) to get this coverage going. I don't have the workaround described at dotnet/aspnetcore#52317 (comment) because it sounds like it isn't the best way to manage the scenario. However, I can add it to this if you like, or I can cross-link to the PU issue (e.g., For more information, see XXXXXX.).

---

Internal previews

📄 File	🔗 Preview link
aspnetcore/blazor/security/server/index.md	Secure ASP.NET Core server-side Blazor apps

[MackinnonBuck]

Just a small question, but other than that, LGTM!

[MackinnonBuck]

Are these acronyms used elsewhere? I haven't seen them before.

[guardrex]

Yes, right from the start ...

https://learn.microsoft.com/en-us/aspnet/core/blazor/components/render-modes?view=aspnetcore-8.0

Set up in consultation with Dan. Based on his remarks about industry use, "client-side rendering"/"CSR" doesn't get the "interactive" word applied, and there's an dagger remark there under the table to call that out ☝️.

I always spell these out (static SSR/interactive SSR) first in a section (e.g., "interactive server-side rendering (interactive SSR)"), and then I use "interactive SSR" throughout the section. I figured that "SSR" might be too cryptic for many devs and that it always should be spelled out initially before using the acronym.