Document when and how a suggested MR is created as a result of a vulnerability

Wait for #34649 (closed) to complete - after it's complete check if the below is covered, if so close the issue no work needed! if it's vague or unclear please update docs for the below goals.

Problem to solve

In Secure we have third parties that wish to integrate into our pipeline as a security or compliance product. As a result of their finding they may wish to recommend a solution to the developer.

Further details

Please in doc/development/ how third parties should properly complete the remediation section to be successful. It should point to both a full, not truncated, example json, as well as have explanations for each field (name, description, required or not, rules/format).

Proposal

Who can address the issue

Other links/references