Best practices for GraphQL in general

What are best practices for designing and implementing GraphQL APIs, considering aspects such as schema design, query optimization, error handling, and security?

How certain practices contribute to improved performance, maintainability, and overall efficiency in GraphQL development. For example, how you would structure your schema to handle nested queries efficiently.

Also what are security concerns by implementing best practices for input validation, authentication, authorization, and protection against common security vulnerabilities. What are robust error-handling strategies within a resolver function that takes security into account?