Documentation update for mandatory allowlist in 4.0

[jrochkind]

I was looking to update to ransack 4.0, which I discovered has a backwards incompatible change requiring an allowlist for attributes and associations per #1273 and #1400.

This was clearly marked in the CHANGELOG... and the error message you get if you dont' supply the allowlist is actually pretty good!

But I was surprised to see that much ransack documentation appears to not have been updated. Perhaps it should be? Some examples:

https://activerecord-hackery.github.io/ransack/getting-started/simple-mode/ says:

By default, searching and sorting are authorized on any column of your model. See Authorization (allowlisting/denylisting) on how to prevent this.

That's obviously wrong. If we follow the link to: https://activerecord-hackery.github.io/ransack/going-further/other-notes/#authorization-allowlistingdenylisting

It's kind of all wrong, starting with "here's how these four methods are implemented in ransack" -- nope, not anymore in 4.0.

All the "getting started" and other tutorial docs should probably be updated to actually provide examples of implementing the required ransackable_attributes etc methods?

Additionally, a little "migrating to 4.0" guide with migration advice would be very welcome. I was a bit surprised/dismayed to see that if I accidentally left out (eg) an attribute, I would not get an error even trying to include it with ransack, but it would just be no-op ignored. This makes it a bit harder to make sure you have fully migrated to ransack 4.0 and listed all necessary attributes. It might be nice if there were a configuration that would make things raise in those cases, that you might want to turn on when running tests for instance, to ease the migration.

[1c7]

Any updates?

[stv8]

just chiming in as a new user of rails + ransack, the docs are very off and I was super confused setting this up, any way to get the related PR for the docs change merged?