Create Security manager teams for all Jupyter Orgs that have the same people everywhere.

[Carreau]

Have a schedule to audit it.

• https://docs.github.com/en/rest/orgs/security-managers?apiVersion=2022-11-28
• https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization
• https://github.blog/changelog/2021-10-21-introducing-the-organization-level-security-manager-role/

[Carreau]

Note in particular that even if private vulnerability reporting is enabled to allow every user to create a security advisory, the "private vulnerability reporting" is per-repo, while security manager is per-org.