Advertise more clearly the CLIENT_SECRET is disclosed on purpose

[ObjectIsAdvantag]

From #6, #7, I propose to add comments in the server.js code:

• the presence of the CLIENT_ID & SECRET in the code is on purpose, and not disclosed by inadvertance
• these default value are historically used in a lab to git clone & launch the integration in minutes and then further work from an actual Webex integration account in step 2, see https://developer.cisco.com/learning/tracks/collab-cloud/spark-apps/collab-spark-intl/step/1