docs: add bitbucket app password requirements

Highlight the permissions requirements for users attempting to
authenticate to Bitbucket with an App Password. Also fix a few typos in
the Basic Authentication section, since we're already making changes with
the App Password information.

Author: ldennington

docs/bitbucket-development.md

@@ -62,13 +62,22 @@ processes.
 
 ### Basic Authentication
 
+:rotating_light: Requirements for App Passwords :rotating_light:
+
+If you are planning to use an [App Password][app-password] for basic
+authentication, it must at a minimum have _Account Read_ permissions (as shown
+below). If your App Password does not have these permissions, you will be
+re-prompted for credentials on every interaction with the server.
+
+![][app-password-example]
+
 If the GCM needs to prompt the user for credentials they will always be shown an
 initial dialog where they can enter a username and password. If the `username`
 parameter was passed into the GCM it is used to pre-populate the username field,
 although it can be overridden. When username and password credentials are
-submitted the GCM will use them to attempt to retrieve a token, for Basic
-Authentication this token is in effect the password the user just entered. The
-GCM retrieves this `token` by checking the password can be used to successfully
+submitted GCM will use them to attempt to retrieve a token, for Basic
+Authentication this token is in effect the password the user just entered. GCM
+retrieves this `token` by checking the password can be used to successfully
 retrieve the User profile via the Bitbucket REST API.
 
 If the username and password credentials sent as Basic Authentication
@@ -82,7 +91,7 @@ stored and nothing is returned to Git.
 
 However if the request fails with a 403 (Forbidden) return code, this indicates
 that the username and password are valid but 2FA is enabled on the Bitbucket
-Account. When this occurs the user it prompted to complete the OAuth
+Account. When this occurs the user is prompted to complete the OAuth
 authentication process.
 
 ### OAuth
@@ -194,6 +203,8 @@ require configuration in the form:
     ❯ git config --global credential.https://example.com:7990/bitbucket.usehttppath true
 
 [additional-info]:https://confluence.atlassian.com/display/BITBUCKET/App+passwords
+[app-password]: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/
+[app-password-example]: img/app-password.png
 [atlas-run-standalone]: https://developer.atlassian.com/server/framework/atlassian-sdk/atlas-run-standalone/
 [bitbucket]: https://bitbucket.org
 [2fa-impl]: https://confluence.atlassian.com/bitbucket/two-step-verification-777023203.html