Use a better changelog format for security products (Secure and Protect)

Our Changelogs could be more useful if they were including more details, especially dates.

I suggest we start using the format recommended by Olivier Lacan in https://keepachangelog.com/en/1.0.0/: Example:

# Changelog
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [1.0.0] - 2017-06-20
### Added
- New visual identity by [@tylerfortune8](https://github.com/tylerfortune8).
- Version navigation.

### Changed
- Start using "changelog" over "change log" since it's the common usage.
- Start versioning based on the current English version at 0.3.0 to help

On top of that, I like having a link to the corresponding merge request directly in the markdown, like gitlab-org/security-products/analyzers/eslint!17 (diffs):

## v2.1.0
- Add support for custom CA certs (!17)

We recently had an issue with SAST, and the changelog doesn't help to figure out what is missing in the latest image built 2 months ago.

Implementation plan

@cam_swords suggested the following plan:

1. • The CHANGELOG.md links to the release, as @plafoucriere suggests,
2. • The release is generated based on a changelog, as @fcatteau suggests, and
3. • The changelog the release uses is a series of separate files similar to GitLab changelogs.

Note: We don't need to achieve all of these steps at once.

/cc @tstadelhofer @whaber