move security info to its own page

This makes it easier to find.

Also sort the maintainers list while I'm here.

book/SUMMARY.md

@@ -5,3 +5,4 @@
 * [Migration to/from Conduit](./migration.md)
 * [Changelog](./changelog.md)
 * [Contributing](./contributing.md)
+  * [Coordinated vulnerability disclosure](./contributing/security.md)

book/contributing.md

@@ -1,7 +1,5 @@
 # Contributing
 
-## On GitLab
-
 Instructions for getting GitLab access can be found on the [sign-in][sign-in]
 page.
 
@@ -15,19 +13,3 @@ issue on your behalf.
 
 [room]: https://matrix.to/#/#grapevine:computer.surgery
 [sign-in]: https://gitlab.computer.surgery/users/sign_in
-
-## Information about a vulnerability
-
-If you find a security vulnerability in Grapevine, please privately report it to
-the Grapevine maintainers in one of the following ways:
-
-* Open a GitLab issue that's marked as confidential
-* Create a private, invite-only, E2EE Matrix room and invite the following
-  users:
-  * `@olivia:computer.surgery`
-  * `@charles:computer.surgery`
-  * `@xiretza:xiretza.xyz`
-
-If the maintainers determine that the vulnerability is shared with Conduit or
-other forks, we'll work with their teams to ensure that all affected projects
-can release a fix at the same time.

book/contributing/security.md

@@ -0,0 +1,15 @@
+# Coordinated vulnerability disclosure
+
+If you find a security vulnerability in Grapevine, please privately report it to
+the Grapevine maintainers in one of the following ways:
+
+* Open a GitLab issue that's marked as confidential
+* Create a private, invite-only, E2EE Matrix room and invite the following
+  users:
+  * `@charles:computer.surgery`
+  * `@olivia:computer.surgery`
+  * `@xiretza:xiretza.xyz`
+
+If the maintainers determine that the vulnerability is shared with Conduit or
+other forks, we'll work with their teams to ensure that all affected projects
+can release a fix at the same time.