Clarifying security policy level docs (esp for first time reader)

What does this MR do?

The current permission docs:

1. state that a user with Developer role or higher can "Manage" security policies - which generally means "do everything" in security systems. It also uses "security policy" without disambiguating "Individual Policies" from "Security Policy Projects" - only seeing the other related permission clarifies this and it does not proceed nor is co-located with this permission.
2. and the information that they cannot "Create or Assign" appears several lines lower.

This MR updates the information to:

1. Clarify that a Developer role or higher can "Create, Update, Delete Individual Security Policies" (rather than manage)
2. Places it immediately below the existing line that shows only an "Owner" role can create a security policy project or assign one - which is a required step before the Developer Role can make changes to individual policies.

Screenshots or screen recordings

Related issues

Author's checklist

• Optional. Consider taking the GitLab Technical Writing Fundamentals course.
• Follow the:
  • Documentation process.
  • Documentation guidelines.
  • Style Guide.
• If you're adding or changing the main heading of the page (H1), ensure that the product tier badge is added.
• If you are a GitLab team member, request a review based on:
  • The documentation page's metadata.
  • The associated Technical Writer.

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

• If the content requires it, ensure the information is reviewed by a subject matter expert.
• Technical writer review items:
  • Ensure docs metadata is present and up-to-date.
  • Ensure the appropriate labels are added to this MR.
  • Ensure a release milestone is set.
  • If relevant to this MR, ensure content topic type principles are in use, including:
    • The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
    • The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
    • Any task steps should be written as a numbered list.
    • If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
• Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.