Outdated security advisory flow

[mratsim]

The suggested security advisory flow is incorrect, probably refering to an old workflow.

sha3-d/.github/SECURITY.md

Lines 5 to 6 in dc34beb

	If you believe to have found a vulnerability in sha3-d, I strongly advise you
	to draft a new security advisory under Security > Securitiy advisories.

In the current Github, only admins can create a security advisory so people have to contact you privately:

https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory

Who can use this feature

Anyone with admin permissions to a repository, or with a security manager role within the repository, can create a security advisory.

Note: I don't have any security issue to report. Was just curious.

[dd86k]

Hey, thanks for noticing.

I've enabled Private vulnerability reporting (Beta), which "Allow your community to privately report potential security vulnerabilities to maintainers and repository owners.". Hoping this will work.

I've also noticed a typo in the snippet that you highlighted (regarding "Securitiy"), I'll tweak the SECURITY.md file later and apply it to my blake2 repo as well.