Pantheon is a unique web host, in that you are unable to edit files or add plugins directly to the live site. The following is a list of resources when working on a site that is hosted by Pantheon:
Installing WordPress Plugins on Pantheon:
https://pantheon.io/docs/guides/wordpress-git/plugins
Pushing Plugins (or other code changes) from Pantheon dev to the live site:
https://pantheon.io/docs/pantheon-workflow#code-moves-up-content-moves-down
Fancy Infographic on the Pantheon Development Cycle:
https://pantheon.io/sites/default/files/pantheon_dev_cycle_infographic_0.pdf
The 30-second version of it all this is:
All code changes -- whether it's custom work by Cornershop or adding a plugin -- happen on dev
Content changes -- adding new posts, form submissions, image uploads, etc -- happen on live
"test" is typically where the two are smushed together, giving a chance to verify that everything looks okay before code and content are combined once and for all on live
If testing a feature or plugin on test and you decide to not move forward with it, remember to remove the plugin or revert back to the live version.
Why does this workflow exist?
Security: Security is a big part of Pantheon's workflow. Because code on the live website cannot be directly changed, bad plugins cannot be accidentally installed, code cannot be hacked to do nefarious things, and bad updates will need to best tested in two environments before they even reach live. There is no FTP or SSH to the live environment to make code changes directly on the live site, so this eliminates one attack mode that someone can you to hack your site.
QA: You can QA code changes and updates before they reach your live site. Make sure that everything runs smoothly and as expected before pushing updates.
Are there any downsides to Pantheon?
Due to how Pantheon works, live environments do not have static IP addresses. If you have a website that needs to have a static IP address, then Pantheon is not the right platform to host your website. Most of the time, this is not an issue and most websites do not need to have a static IP address for external connections. This only becomes an issue if your website needs to connect with an external service (e.g. a third-party API) and that service requires whitelisting IP addresses in order to use that service or the service limits traffic to a range of IP addresses.