Clarify documentation about interacion between "--repository" flag and command hooks (#1112).

NEWS

@@ -12,7 +12,8 @@
    incorrectly.
  * #1108: Add a "--comment" flag to the "create" action for creating an archive with a comment.
  * Use the Bandit security analysis tool when running tests.
- * SECURITY: Add timeouts to all monitoring hooks to prevent hangs on network requests.
+ * SECURITY: Add timeouts to all monitoring hooks to prevent hangs on network requests, e.g. due to
+   a compromised monitoring server holding requests open.
  * SECURITY: For the "spot" check, use a more secure source of randomness when selecting paths to
    check.
 

docs/how-to/add-preparation-and-cleanup-steps-to-backups.md

@@ -95,6 +95,10 @@ configured, meaning that the hook commands are run in that directory.
 same `everything` command hook is present in multiple configuration files,
 borgmatic only runs it once.
 
+borgmatic's `--repository` flag does not impact which command hooks get run. But
+you can use the `--config` flag to limit the configuration files (and thus
+command hooks) used.
+
 
 ### Order of execution