[DOCS] Add changelog for feature flag "allowInsecureSiteResolutionByQueryParameters"

The new feature flag was introduced with the security releases 12.4.4 and 11.5.30:
https://typo3.org/security/advisory/typo3-core-sa-2023-003

Resolves: #101462
Related: #100889
Releases: main, 12.4, 11.5
Change-Id: I891706caa51db8a6c9ab2442d311c6be61755849
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80213


Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

typo3/sysext/core/Documentation/Changelog/11.5.x/Important-100889-AllowInsecureSiteResolutionByQueryParameters.rst

+.. include:: /Includes.rst.txt
+
+.. _important-100889-1690476872:
+
+=======================================================================
+Important: #100889 - Allow insecure site resolution by query parameters
+=======================================================================
+
+See :issue:`100889`
+
+..  important::
+    This change was introduced as part of the
+    `TYPO3 12.4.4 and 11.5.30 security releases <https://typo3.org/security/advisory/typo3-core-sa-2023-003>`__.
+
+Description
+===========
+
+Resolving sites by the `id` and `L` HTTP query parameters is now denied by
+default. However, it is still allowed to resolve a particular page by, for
+example, "example.org" - as long as the page ID `123` is in the scope of the
+site configured for the base URL "example.org".
+
+The new feature flag `security.frontend.allowInsecureSiteResolutionByQueryParameters`
+- which is disabled per default - can be used to reactivate the previous
+behavior:
+
+..  code-block:: php
+
+    $GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.frontend.allowInsecureSiteResolutionByQueryParameters'] = true;
+
+
+Impact
+======
+
+Resolving a page via query parameters is now restricted to the specific
+site where the page is located.
+
+Affected installations
+======================
+
+Installations which resolve pages from one domain via another domain.
+
+.. index:: Frontend, NotScanned, ext:core

typo3/sysext/core/Documentation/Changelog/12.4.x/Important-100889-AllowInsecureSiteResolutionByQueryParameters.rst

+.. include:: /Includes.rst.txt
+
+.. _important-100889-1690476871:
+
+=======================================================================
+Important: #100889 - Allow insecure site resolution by query parameters
+=======================================================================
+
+See :issue:`100889`
+
+..  important::
+    This change was introduced as part of the
+    `TYPO3 12.4.4 and 11.5.30 security releases <https://typo3.org/security/advisory/typo3-core-sa-2023-003>`__.
+
+Description
+===========
+
+Resolving sites by the `id` and `L` HTTP query parameters is now denied by
+default. However, it is still allowed to resolve a particular page by, for
+example, "example.org" - as long as the page ID `123` is in the scope of the
+site configured for the base URL "example.org".
+
+The new feature flag `security.frontend.allowInsecureSiteResolutionByQueryParameters`
+- which is disabled per default - can be used to reactivate the previous
+behavior:
+
+..  code-block:: php
+
+    $GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.frontend.allowInsecureSiteResolutionByQueryParameters'] = true;
+
+
+Impact
+======
+
+Resolving a page via query parameters is now restricted to the specific
+site where the page is located.
+
+Affected installations
+======================
+
+Installations which resolve pages from one domain via another domain.
+
+.. index:: Frontend, NotScanned, ext:core