418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev

Differentiate between fixing a report and making it public. #2198

Closed ysf closed 1 year ago

ysf commented 2 years ago

In the current version of huntr.dev a report goes public when a maintainer assigns a fix to an issue. I think it'll be better to differentiate between fixing a flaw and publishing it.

  1. It'll be similar to the original CVE process and general public disclosure policy
  2. Coordination of a bug across multiple projects is easier to handle
  3. Maintainers can assign a fix asap and don't have to hold it back until they have made a new release.

jaapmarcus commented 2 years ago

See also #2143

But agreed: 2 weeks ago we had a "low" impact bug report that was fixed, but we had to delay the release ...

tommoor commented 2 years ago

Big agreement. I'm waiting on marking reports as fixed that have been, to avoid them going public immediately now. But in return that's going to ding my maintainer stats.

psmoros commented 1 year ago

Hi everyone! We now have a separate publish state for reports :)