Add comments about un-documented variables to Security CI templates
Problem to solve
It's been decided that specific variables defined in the Security CI templates shouldn't be documented, but there's no evidence of that. Developers and users keep wondering whether these should be documented, and we keep repeating the same conversations. Also, we might not remember the reason why a variable isn't documented, and potentially figure out that circumstances have changed, and that it should now be documented.
See #284600 (comment 451418056) for instance
Further details
Proposal
Update the Security CI templates and add code comments to identify variables that are not documented, and explain why that is.
Who can address the issue
maintainers of these CI templates
Other links/references
/cc @rdickenson