
Document process for triaging vulnerability reports in ZenDesk

Antony Saba requested to merge asaba/appsec-zendesk-triage-process into master

Currently, low severity, duplicate, or otherwise invalid vulnerability reports stay open in ZenDesk with timely replies due to a lack of specific processes for reviewing incoming requests and reassigning to DRIs. This MR adds triaging these incoming requests to the weekly AppSec triage rotation.

I've added it with the HackerOne rotation since a number of them are duplicates or reporters requesting updates outside of H1, so I think it makes sense to be handled by the same person.

cc @gitlab-com/gl-security/appsec for review

cc @wvandenberg @cjdewit @pharrison @jurbanc for visibility

Edited by Antony Saba
