docs: warn about adding capabilities

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2345676

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

docs/source/markdown/options/cap-add.md

@@ -5,3 +5,11 @@
 #### **--cap-add**=*capability*
 
 Add Linux capabilities.
+
+Granting additional capabilities increases the privileges of the
+processes running inside the container and potentially allow it to
+break out of confinement.  Capabilities like `CAP_SYS_PTRACE`,
+`CAP_MKNOD` and `CAP_SYS_MODULE` are particularly dangerous.
+
+Before adding any capability, review its security implications and
+ensure it is really necessary for the container’s functionality.