expressjs / security-wg

Express.js Security Working Group
MIT License

Proposal: add repository security advisory #30

Open bjohansebas opened 2 weeks ago

bjohansebas commented 2 weeks ago

GitHub has a feature that allows creating a draft security advisory to privately discuss and fix a security vulnerability, similar to how issue templates work.

For example, Next.js has this feature enabled: [image]

I believe this would improve the process of reporting potential vulnerabilities in Express and its packages.

ref:

UlisesGascon commented 2 weeks ago

Yep! We will add this to all the repos at some point (hope soon). I will transfer the issue to the Security-wg for execution :+1: