docs: update the security release process after 3.15.1 release
This MR updates the security release process after the last security release.
Main changes:
- We don't have to wait till a new CVE number is assigned to the vulnerability. We can release before we have a number.
- We won't be creating a separate branch for backporting the security fixes. It's easier to merge the security branch directly.