Link to Github advisory database from pub.dev/security (#7372)

Author: szakarias

doc/security.md

@@ -10,3 +10,12 @@ In the rare event that you find a vulnerability in pub.dev, contact us at
 
 For more information about how Google handles security issues, see
 [Google’s security philosophy](https://www.google.com/about/appsecurity/).
+
+## Security advisories for packages
+
+In case of a vulnerability regarding a specific package, use GitHub’s [security
+advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory)
+feature to create a new security advisory. GitHub will review and ingest the
+advisory into the central [GitHub Advisory
+database](https://github.com/advisories) where you can also go search for
+vulnarabilities in Pub ecosystem.