Copilot AI commented Nov 20, 2025

Summary

Adds an IMPORTANT note to ArrayPool<T>.Return documenting that returning the same array twice or using it after return causes high-severity security vulnerabilities.

The note warns about:

  • Double-free vulnerability (CWE-415): Returning the same array reference multiple times
  • Use-after-free vulnerability (CWE-416): Accessing the array after returning it to the pool

Both can lead to data corruption, data leaks, and denial of service. Links to CWE definitions are included for reference.

Original prompt

Create PR that adds a note to ArrayPool.Rent docs.

The note should say that returning the same reference twice or continuing to use the reference after it has been returned is a high severity security issue (double-free and use-after-free vulnerabilities - include links to the definitions).


Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add security note to ArrayPool.Rent documentation" to "Add security warning to ArrayPool.Return documentation" Nov 20, 2025
Copilot AI requested a review from jkotas November 20, 2025 17:29
Copilot finished work on behalf of jkotas November 20, 2025 17:29
@jkotas jkotas marked this pull request as ready for review November 20, 2025 17:32
@jkotas jkotas requested a review from a team as a code owner November 20, 2025 17:32
Copilot AI review requested due to automatic review settings November 20, 2025 17:32
Copilot finished reviewing on behalf of jkotas November 20, 2025 17:34

Copilot AI left a comment

Pull Request Overview

This PR adds a critical security warning to the ArrayPool<T>.Return method documentation, alerting developers to the severe consequences of misusing the API.

  • Adds an IMPORTANT callout documenting double-free and use-after-free vulnerabilities
  • Includes links to CWE definitions (CWE-415 and CWE-416) for reference
  • Warns about potential consequences: data corruption, data leaks, and denial of service

Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
Copilot finished work on behalf of jkotas November 20, 2025 17:41
@GrabYourPitchforks

Tanner is correct in that CWE-415 / 416 are very C-oriented. If there is a security incident resulting from misuse of ArrayPool, the culprit is most likely to be CWE-672 (root cause) and CWE-488 (proximate cause). If you were going for technical accuracy, I'd choose these over 415 / 416.

I imagine this doc is going for a friendly analogy more than technical accuracy. In that light, "double free" and "use after free" seem fine since they're well understood concepts and they adequately enough describe the general shape of the problem.
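
Added example, not part of the PR or of the dotnet/runtime code base: one way for calling code to rule out both misuse patterns discussed in this thread is to give each rented array a single owner that can reach `ArrayPool<T>.Return` at most once. The `PooledBuffer<T>` type and the `Demo` class are hypothetical names chosen for this sketch.

```csharp
#nullable enable
using System;
using System.Buffers;
using System.Threading;

// Hypothetical wrapper (an assumption of this example): one owner per rented
// array, so the array is handed back to the pool exactly once.
public sealed class PooledBuffer<T> : IDisposable
{
    private readonly ArrayPool<T> _pool;
    private T[]? _array;

    public PooledBuffer(int minimumLength, ArrayPool<T>? pool = null)
    {
        _pool = pool ?? ArrayPool<T>.Shared;
        _array = _pool.Rent(minimumLength);
    }

    // Fails closed after Dispose instead of exposing memory that the pool may
    // already have handed to another renter (the "use after return" case).
    public Span<T> Span
    {
        get
        {
            T[]? array = Volatile.Read(ref _array);
            if (array is null) throw new ObjectDisposedException(nameof(PooledBuffer<T>));
            return array;
        }
    }

    public void Dispose()
    {
        // Atomically take the reference: repeated or concurrent Dispose calls
        // see null and skip Return (the "double return" case).
        T[]? array = Interlocked.Exchange(ref _array, null);
        if (array is not null) _pool.Return(array, clearArray: true);
    }
}

public static class Demo
{
    public static void Main()
    {
        var buffer = new PooledBuffer<byte>(256);
        buffer.Span[0] = 0x42;          // normal use while the buffer is owned
        buffer.Dispose();               // returns the array to the pool
        buffer.Dispose();               // no-op: nothing left to return
        try { _ = buffer.Span.Length; }
        catch (ObjectDisposedException) { Console.WriteLine("access after return rejected"); }
    }
}
```

A `Span<T>` obtained before `Dispose` still points at the returned array, so the wrapper only helps if spans are not held across the dispose call.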

@jkotas jkotas merged commit 21b65b6 into main Nov 20, 2025
6 checks passed
@jkotas jkotas deleted the copilot/add-note-to-arraypool-docs branch November 20, 2025 22:36