[Documentation request] Clarify if web adapters are designed to be public facing

[returnDanilo]

It is mentioned that [t]he web adapters are ready with batteries-included to handle OAuth and EventSub via webhooks[0]. While supporting webhooks strongly suggests the adapter is secure enough to be public facing, the same is not as clear for the OAuth functionality. The examples in the docs of using the adapters to handle oauth are restricted to a "localhost" scenario, where you have control over incoming requests. So, it'd be good if it were stated more clearly what the feature was designed for.

[returnDanilo]

Oopsie! There are examples relating oauth usage and a domain name...

I still think it could be a bit more clear, specially in the Migrating and Quickstart pages, so I'll leave the issue open :)