Document assignment of security response roles and how reports are handled

[bartsmykla]

One of the requirements from the new CNCF incubation application is to document the assignment of security response roles and how reports are handled.

I'm not sure how complex this documentation needs to be, but looking at other applications (ref#1, ref#2 - it's checked but, I couldn't find in documentation anything related), maybe some description in application issue would be enough 🤔.

[github-actions]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.