doc: revise security-reporting text in README
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate.
Checklist
-
make -j4 test
(UNIX), orvcbuild test
(Windows) passes -
documentation is changed or added -
commit message follows commit guidelines