[github][Security] Add the llvm-security-group team as code owner for Security.rst #106255

Open: wants to merge 1 commit into base: main

tuliom
Contributor

@tuliom tuliom commented Aug 27, 2024

This will help to notify all the LLVM Security Group when pull requests to the documentation are created.

… Security.rst

This will help to notify all the LLVM Security Group when pull requests
to the documentation are created.
@tuliom
Contributor Author

tuliom commented Aug 27, 2024

This should also help to solve the issue mentioned in #106112 (review)

The llvm/llvm-security-group is larger than the GitHub limit for reviewers (15), making it impossible to add everybody.

Member

@ahmedbougacha ahmedbougacha left a comment

The diff warns with:

Unknown owner on line 155: make sure the team @llvm/llvm-security-group exists, is publicly visible, and has write access to the repository

It exists and seems visible, so I assume that's another symptom of what you were discussing in #106112, namely that some of the members don't have write access?
I don't know how GitHub will behave. If it adds everyone else, I suppose that's better than today's situation, so I'm happy to give this a try; LGTM!

@cuviper
Member

cuviper commented Aug 27, 2024

I don't think the group is publicly visible -- in a private window, I'm prompted to log in first.

@tuliom
Contributor Author

tuliom commented Aug 27, 2024

> I don't think the group is publicly visible -- in a private window, I'm prompted to log in first.

The same thing happens with other teams, e.g. reviewers-libcxx.
I wonder if @kbeyls can see the settings of the group.

@tuliom
Contributor Author

tuliom commented Aug 27, 2024

According to this document, a visible team can be viewed and mentioned by every organization member.
Secret teams get a "Secret" label that members can see.
I don't see this label in the llvm-security-group team.

The problem might be related to not having write access.

@kbeyls
Collaborator

kbeyls commented Aug 27, 2024

> > I don't think the group is publicly visible -- in a private window, I'm prompted to log in first.
>
> The same thing happens with other teams, e.g. reviewers-libcxx. I wonder if @kbeyls can see the settings of the group.

The group should be public, see this screenshot from the team settings I just took (not sure in how far others have access to seeing these settings):

[Image: Screenshot 2024-08-27 at 21 38 51]

@cuviper
Member

cuviper commented Aug 27, 2024

I think that's still not visible outside the org, but I have no idea how to open that up further.

Or it may just be write access. I dropped my own write access because I felt that sending PRs was enough for me, but I guess I could get it back if that's important here.

@tuliom
Contributor Author

tuliom commented Aug 29, 2024

Unfortunately, this proposal is not going to work, because it requires giving write access to the team. Thanks @tstellar!
He also suggested that we create a pr-subscribers team. This kind of team is automatically mentioned in the PR. Notice the team is not added as a reviewer. But it has the positive side of making write permission more complex by adding yet another team with write permission.

If nobody objects to this new proposal, I will update this PR in the following days.
