Adjust FedRAMP DR guidance and DR type explanations

To suggest a change to the Product Handbook, please review the updating the Product Handbook section.

Related to:

• https://gitlab.com/gitlab-com/gl-security/security-assurance/security-compliance-commercial-and-dedicated/poam-deviation-requests/-/merge_requests/13
• https://gitlab.com/gitlab-com/gl-security/threatmanagement/vulnerability-management/vulnerability-management-internal/vulnmapper/-/issues/11

Please provide a brief explanation for this change:

(If there's a due date for merging this MR, be sure to include it here.)

This handbook MR expands on the explanations for FedRAMP deviation request types and guidance for team members, to make the deviation request process easier to follow. It also simplifies the process for linking detected vulnerabilities via their tracking issues to a relevant DR to make the process less time consuming and easier to automate. The need to manually detail image artefacts in the DR (which are available via the linked issues) is removed to reduce the time taken and complexity involved when creating DRs given this information is already in the linked vulnerability tracking issues.

Please indicate the types of revisions being suggested for the Product Handbook (please check all that apply):

• Small improvement (typos, clarifications, etc.)
• Adding a new section
• Modifying existing section
• Documenting a new process
• Adding a new page or directory
• Other

Please indicate Milestone

• Assigned to Milestone

Author Checklist

• Provided a concise title for the MR
• Provided a brief explanation for this change (Say why, not just what)
  • (Attach screenshots, Slack conversations, etc. as necessary)
• Indicated the types of changes included in this MR
• Verified that no confidential data is in this MR
• Assigned reviewers for this change to the correct DRI(s)
  • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the "Maintained by" section on the page being edited.
  • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
• If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #product or #whats-happening-at-gitlab linking to this MR.
  • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.