Create new documentation guide & pages that clearly documents what issues are not considered security issues

Created on 2 February 2022, over 3 years ago
Updated 22 August 2023, almost 2 years ago

Problem/Motivation

Moving the discussion over from https://groups.drupal.org/node/516554.

It is often unclear whether something is considered a security issue, and the information that is available is not linked to from key locations.

Proposed resolution

Create either a new docs guide in the security team section for itemizing each issue that is not considered a security issue, with each issue getting its own page.
Alternatively: create a single page that lists all of the items which are not considered security issues.
Provide links to this guide / page in key locations, e.g. on the Reporting a security issue → page, in the auto-responder text for emails to the security team, etc.

Items that could be included:

  • Username enumeration is not considered an information disclosure vulnerability (with link to core issue discussing changing this policy).
  • Content access through Views displays can ignore access on those entities.
  • Various unused APIs in included JavaScript libraries, e.g. jquery.js, are often flagged by automated testing services & software.
  • Projects are not responsible for vulnerabilities in dependent libraries, so long as those libraries are not included in the codebase and the project's dependency definitions allow the libraries to be updated.
  • User permissions and advanced functionality ("restrict_access" flag).
  • Security issues that cannot be exploited.
  • Disclosure of version numbers is not a vulnerability.

Remaining tasks

Decide whether this is something we want to do.
Do the work.

📌 Task
Status

Active

Version

1.0

Component

Miscellaneous

Created by

🇺🇸 United States damienmckenna NH, USA
