Update README.md with Required Vulnerability Disclosure

[gmaciolek]

JIRA Ticket:
BB2-1698

User Story or Bug Summary:

New Federal mandate requires that we add the vulnerability disclosure policy link to all our web pages + publicly facing products

What Does This PR Do?

• verify there are no mistakes in the text
• does the table of contents at the top properly link to the security section?
• does the vulnerability disclosure policy link work?

What Security Implications Does This PR Have?

Submitters should complete the following questionnaire:

• If the answer to any of the questions below is Yes, then here's a link to the associated Security Impact Assessment (SIA), security checklist, or other similar document in Confluence: N/A.
  • Does this PR add any new software dependencies? Yes or No.
  • Does this PR modify or invalidate any of our security controls? Yes or No.
  • Does this PR store or transmit data that was not stored or transmitted before? Yes or No.
• If the answer to any of the questions below is Yes, then please add StewGoin as a reviewer, and note that this PR should not be merged unless/until he also approves it.
  • Do you think this PR requires additional review of its security implications for other reasons? Yes or No.

n/a

What Needs to Be Merged and Deployed Before this PR?

n/a

This PR cannot be either merged or deployed until the following pre-requisite changes have been fully deployed:

• CMSgov/some_repo#42

n/a

I have gone through and verified that...:

• [x ] This PR is reasonably limited in scope, to help ensure that:
  1. It doesn't unnecessarily tie a bunch of disparate features, fixes, refactorings, etc. together.
  2. There isn't too much of a burden on reviewers.
  3. Any problems it causes have a small "blast radius".
  4. It'll be easier to rollback if that becomes necessary.
• [x ] I have named this PR and its branch such that they'll be automatically be linked to the (most) relevant Jira issue, per: https://confluence.atlassian.com/adminjiracloud/integrating-with-development-tools-776636216.html.
• [x ] This PR includes any required documentation changes, including README updates and changelog / release notes entries.
• [x ] All new and modified code is appropriately commented, such that the what and why of its design would be reasonably clear to engineers, preferably ones unfamiliar with the project.
• [x ] All tech debt and/or shortcomings introduced by this PR are detailed in TODO and/or FIXME comments, which include a JIRA ticket ID for any items that require urgent attention.
• [ x] Reviews are requested from both:
  • At least two other engineers on this project, at least one of whom is a senior engineer or owns the relevant component(s) here.
  • Any relevant engineers on other projects (e.g. BFD, SLS, etc.).
• [ x] Any deviations from the other policies in the DASG Engineering Standards are specifically called out in this PR, above.
  • Please review the standards every few months to ensure you're familiar with them.

[ajshred]

Looks good!