doc: add point to ask H1 reporter about credit

This commit updates the security release process document with a bullet point to ask the HackerOne reporter if they would like to be credited for reporting the vulnerability. We might also be able to add a question like this to the HackerOne template when a report is created, but it would still be good to have this bullet point to remember to include the information in the security release blog post.