Normalize the security contacts of the different repositories

[bjohansebas]

We should standardize the points of contact. For example, here https://github.com/webpack/webpack-dev-middleware/security it is set to contact webpack@opencollective.com, while in this other case https://github.com/webpack/webpack-cli/security it points to the email of the npm package maintainers.

Maybe it would be better to have a single security file in the .github repository, so we don’t have to maintain one file per repository. In some cases, I’ve seen they include a supported versions section — we could instead have a separate file in the security-wg repository with a list of those repositories and replicate the same table.

Also, I think there’s already another email for reports, right? webpack-security@openjsf.org

[avivkeller]

Refer to https://github.com/webpack/webpack/pull/19841/files for the planned communication channels for an incident response