docs: how security > capabilities works (#13946)

* docs: how `security > capabilities` works

* Add how to use it

* Apply suggestions

* Relative to `Cargo.toml`

* Remove the relative base wording

crates/tauri-cli/config.schema.json

@@ -1150,7 +1150,7 @@
           ]
         },
         "capabilities": {
-          "description": "List of capabilities that are enabled on the application.\n\n If the list is empty, all capabilities are included.",
+          "description": "List of capabilities that are enabled on the application.\n\n By default (not set or empty list), all capability files from `./capabilities/` are included,\n by setting values in this entry, you have fine grained control over which capabilities are included\n\n You can either reference a capability file defined in `./capabilities/` with its identifier or inline a [`Capability`]\n\n ### Example\n\n ```json\n {\n   \"app\": {\n     \"capabilities\": [\n       \"main-window\",\n       {\n         \"identifier\": \"drag-window\",\n         \"permissions\": [\"core:window:allow-start-dragging\"]\n       }\n     ]\n   }\n }\n ```",
           "default": [],
           "type": "array",
           "items": {

crates/tauri-schema-generator/schemas/config.schema.json

@@ -1150,7 +1150,7 @@
           ]
         },
         "capabilities": {
-          "description": "List of capabilities that are enabled on the application.\n\n If the list is empty, all capabilities are included.",
+          "description": "List of capabilities that are enabled on the application.\n\n By default (not set or empty list), all capability files from `./capabilities/` are included,\n by setting values in this entry, you have fine grained control over which capabilities are included\n\n You can either reference a capability file defined in `./capabilities/` with its identifier or inline a [`Capability`]\n\n ### Example\n\n ```json\n {\n   \"app\": {\n     \"capabilities\": [\n       \"main-window\",\n       {\n         \"identifier\": \"drag-window\",\n         \"permissions\": [\"core:window:allow-start-dragging\"]\n       }\n     ]\n   }\n }\n ```",
           "default": [],
           "type": "array",
           "items": {

crates/tauri-utils/src/config.rs

@@ -2468,7 +2468,26 @@ pub struct SecurityConfig {
   pub pattern: PatternKind,
   /// List of capabilities that are enabled on the application.
   ///
-  /// If the list is empty, all capabilities are included.
+  /// By default (not set or empty list), all capability files from `./capabilities/` are included,
+  /// by setting values in this entry, you have fine grained control over which capabilities are included
+  ///
+  /// You can either reference a capability file defined in `./capabilities/` with its identifier or inline a [`Capability`]
+  ///
+  /// ### Example
+  ///
+  /// ```json
+  /// {
+  ///   "app": {
+  ///     "capabilities": [
+  ///       "main-window",
+  ///       {
+  ///         "identifier": "drag-window",
+  ///         "permissions": ["core:window:allow-start-dragging"]
+  ///       }
+  ///     ]
+  ///   }
+  /// }
+  /// ```
   #[serde(default)]
   pub capabilities: Vec<CapabilityEntry>,
   /// The headers, which are added to every http response from tauri to the web view