Revises SSO summary in Big Bang overview

Package Merge Request

Package Changes

No Package changes. Revises the wording summarizing SSO in the Big Bang overview. I verified the validity of the claims in a test k8s / bb cluster.

Package MR

No Package changes

For Issue

Closes #2233 (closed)

Upgrade Notices

N/A

docs/README.md

@@ -47,7 +47,9 @@
     * These upgrades are pre-tested. The Big Bang team "eats our own dogfood." Our CI jobs for developing the Big Bang product, run against a Big Bang Dogfood Cluster, and as part of our release process we upgrade our Big Bang Dogfood Cluster, before publishing each release.
     > **Note:** We ONLY support and recommend successive upgrades. We do not test upgrades that skip multiple minor versions.
     * Auto updates are also possible by setting kustomization.yaml to 1.x.x, because Big Bang follows semantic versioning per the [Big Bang README](../README.md#release-schedule), and flux is smart enough to read x as the most recent version number.
-* DoD Software Developers get a Developer User Experience of "Single Sign On (SSO) for free," instead of developers coding SSO support 10 times for 10 apps. The complexity of SSO support is baked into the platform, and after an operations team correctly configures the Platform's SSO settings, SSO works for all apps hosted on the platform. The developer's user experience for enabling SSO for their app then becomes as simple as adding the label `istio-injection=enabled` (which transparently injects mTLS service mesh protection into their application's Kubernetes YAML manifest) and adding the label `protect=keycloak` to each pod (which leverages an EnvoyFilter CustomResource to auto inject an SSO Authentication Proxy in front of the data path to get to their application).
+* Applications can get "Single Sign On (SSO) for free," as long as an operations team correctly configures the SSO settings. For details, see the [SSO Readme](docs/developer/package-integration/sso.md). Once Authservice is configured, to enable SSO for an individual app, developers need only ensure the presence of the two following labels:
+    - __Namespace__ `istio-injection=enabled`: transparently injects mTLS service mesh protection into their application's Kubernetes YAML manifest
+    - __Pod__ `protect=keycloak`: declares an EnvoyFilter CustomResource to auto inject an SSO Authentication Proxy in front of the data path to get to their application
 
 ## How do I deploy Big Bang?