Update Approval guidelines to include RED/ORANGE data reviews

Follow-up of https://gitlab.com/gitlab-org/gitlab-ee/issues/6236, which contained initially a requirement on RED/ORANGE data review:

1. If your merge request is processing, storing, or transferring any kind of [RED data][https://docs.google.com/document/d/15eNKGA3zyZazsJMldqTBFbYMnVUSQSpU14lo22JMZQY/edit], and/or ORANGE data, it must be
    **approved by a [Security Engineer][team]**.

Since the linked document is private, and therefore we can't include that requirement in the guidelines. This issues is to find a solution for this.

/cc @kathyw @jritchey