docs: Update security to use github reporting

Hackerone hasn't turned out to be particularly useful.  Fortunately, github now
has a mechanism to directly report security vulnerabilities within the project's
pages.  Update the docs to show this as the preferred vulnerability reporting
mechanism.

Signed-off-by: David Brown <david.brown@linaro.org>