Make it more obvious how to report security related bugs
We had a report about a bug reporter getting different (and partly) conflicting advice on how to report security sensitive bugs. The canonical way of doing so is mailing to tor-security@lists.torproject.org. However, that seems to be not found easily. We should change that on our website.