Forums: Add notice not to report vulnerabilities

[Ipstenu]

Sometimes people report 0-days in the forums. Perhaps we should add a notice not to report those and direct people to the right places.

Core: ​https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/
Plugins: ​https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/

Props to @benlk for the idea!

[benlk]

The current text on forum submit pages is this:

When posting a new topic, follow these steps:
Read the Forum Welcome ​https://wordpress.org/support/welcome/ to find out how to maximize your odds of getting help!
Search ​https://wordpress.org/support/search/ the forums to see if your topic has been resolved already.
Update to the latest versions of your plugins, themes, and WordPress.
Note the exact steps needed to reproduce your issue.
Provide any information you might think is useful. If your issue is visual, note your browser and operating system. If your issue is technical, note your server environment.

Suggested revisions:

• Change the first step to: "Read the Forum Welcome ​https://wordpress.org/support/welcome/ to find out how to maximize your odds of getting help! If you're here to report a vulnerability, exploit, or security issue with a plugin, please read how to do so safely ​https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/. "
• Add information on reporting security vulnerabilities ​https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/ to the Forum Welcome page ​https://wordpress.org/support/welcome/

This ticket results from the discussion in Slack's #meta at ​https://wordpress.slack.com/archives/C02QB8GMM/p1553200752319200

[SergeyBiryukov]

In 8574:

Support Theme: Add a notice with a link to a handbook article on reporting security issues safely.

Props benlk, Ipstenu.
See #4311.

[SergeyBiryukov]

In 8575:

Support Theme: Add missing textdomain after [8574].

See #4311.

[SergeyBiryukov]

The notice is now live:

Reporting a security issue? Please read ​Reporting Security Vulnerabilities to do that safely.

I've linked to the Core handbook article, as it appears to be more comprehensive and covers plugins, WordPress.com, and self-hosted WordPress sites.

We should probably also add something to that effect to Forum Welcome, keeping the ticket open for that.

[Clorith]

I've updated the forum welcome to also link to the core handbook page on reporting vulnerabilities, along with a reminder not to post them in a public forum.