Add enabling vulnerability reporting as a plugin hosting expectation

[oleg-nenashev]

We would like to have a unified approach for security matters reporting. See the discussion in GradleUp/.github#1 (comment)

References

• https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository