Removes Milestone Due Date from Security OKR template

Context

The Security OKRs page is the single source of truth for how we write, format, and update our OKR and KRs in the Security division.

Changes

This MR updates the New Security KR - GitLab Template section to remove the Milestone Due Date from the template.

Teams can of course choose to add this in if it works for them, but this MR removes it and signals that it is not an expected requirement.

History of the Due Date

Looking at the git history for the security/okr.md file and digging into some older commits, we see that the template with Due Dates was introduced in June 2022 with the intent that it would be utilized mainly by SecAssurance. I mention this to give historical context as to where the Due Date came from, and to highlight that it was not widely discussed nor intended to be an expected standard required for all KRs.

Usage

It doesn't appear that anyone in the Security division consistently uses the template itself, and even fewer teams include a Due Date.

Concerns with including the Due Date in the template

• It reduces flexibility since OKR work isn't always distributed evenly across a quarter (this is especially true for teams that have highly operational and interrupt driven workloads)
• It might set unrealistic expectations or send the wrong signal to team members who aren't familiar with the progress or specifics of the effort
• It can be discouraging if the are behind on a due dates because other work came up
• Setting these at the beginning of the quarter means we're often doing it without the best understanding of the problem, roadblocks, complexities, or urgent tasks that come up
• It's difficult to get due dates correct, especially when the relationship between % complete and time needed is often unclear