kubernetes / committee-security-response

Kubernetes Security Process and Security Committee docs
Apache License 2.0
165 stars, 65 forks

Restore severity thresholds documentation #161

Closed tallclair closed 2 years ago

tallclair commented 2 years ago

It was brought to my attention that Kubernetes users were relying on our severity thresholds for interpreting severity ratings (e.g. https://cloud.google.com/kubernetes-engine/docs/resources/security-patching#how_vulnerabilities_are_classified). These aren't perfect, but I didn't see anything too misleading. I recast these as heuristics for interpreting severity ratings, and clarified that we generally use CVSS.

I'd still prefer to switch to a guide oriented around CVSS (https://github.com/kubernetes/committee-security-response/issues/147), but I think this is acceptable until we get that written.

k8s-ci-robot commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes/committee-security-response/blob/main/OWNERS)~~ [tallclair]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.

destijl commented 2 years ago

/lgtm thanks for putting it back. I think this is useful community content.

tabbysable commented 2 years ago

Agreed, this may not be perfect but I didn't notice anything egregiously wrong when I skimmed it; if it provides value to the community it's good to put it back.

/lgtm