Recommend use of github reporting mechanism ?

[planetf1]

As noted from the 2024-05-14 oqs meeting minutes

Douglas reports that a security issue for oqs-provider has been received by email with a proposed patch; Douglas has looped in Michael. Ry notes that Github has a feature to allow for receiving security issues and that this can be used to create private repositories for dealing with the issue as well as issuing an advisory. If the original reporters re-file using this mechanism, then they can get credit as well as a CVE if desired.

• This can be in addition to other approaches (including email) but could be enabled on PQCA repositories

[ryjones]

To be clear, this is already enabled on all PQCA orgs and repos.