Delineate comparison and tracking logic of vulnerabilities between Secure groups

Why is this change being made?

Clarify the ownership of comparison and tracking logic of vulnerabilities between Thread Insight and other groups of Secure.

This is a follow up from a conversation in the Secure Staff Meeting: https://docs.google.com/document/d/1qHOcQbirFUqXfkI4pz7oBE2FjdCuTK2fgecu-PQ9AVU/edit#bookmark=id.chpp3gbmj07d

Approvals

• @tstadelhofer
• @whaber

Author Checklist

• Provided a concise title for the MR
• Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what
• Assign this change to the correct DRI
  • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the "Maintained by" section in on the page being edited.
  • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
  • If the changes relate to any part of the project other than updates to content and/or data files please make sure to ping @gl-static-site-editor in a comment for a review and merge. For example changes to .gitlab-ci.yml, JavaScript/CSS/Ruby code or the layout files. (this requirement has been removed pending identification of a new DRI for the handbook)