Add what to do when a public security MR is opened

Why is this change being made?

There is been questions in the security channel about what to do when a security MR is opened in public, related thread. This MR adds text about engaging SIRT to delete the MR and branch.

Fixing in the public section in the handbook looks like a good place to add these details. However, this looks like a frequently asked question in slack so what about having an appsec FAQ page to capture various appsec related questions like this one in the handbook? So proposing to add an FAQ page under the appsec runbook folder.

Author Checklist

• Provided a concise title for this Merge Request (MR)
• Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
  • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
• Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
  • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
  • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
• If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
  • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.

---