add critical security release process and security awareness training information

This is my first attempt at updating the handbook with a process for handling critical security releases as well as adding some information on our security awareness training and phishing testing.

@stanhu @rspeicher @DouweM @marin @jnijhof @ernstvn