cve_policy: add link to OpenSSF vulnerability disclosure work

Add a link to newly released OpenSSF Vulnerability Disclosure WG guide
to disclosure for OSS projects.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>