Updates CVE request process for security engineer release documentation

Previously, the AppSec team would request CVE identifiers using the MITRE web form. We have recently started using an internal repository to make that request. This MR updates the security engineer release duties documentation to reflect that.

This is a relatively new process and I have only gone through it once, so there might be some mistakes or oversights in this MR. I'm happy to make any changes and any feedback is very much welcome!