Our HackerOne program started before GitHub add proper handling of vulnerabilities.

Given the influx of report on the HackerOne program, I recommend we close it for three reason:

1. for each report, we have then to create a GitHub vulnerability anyway to get a private branch, causing friction
2. a lot of users of HackerOne use projects like ours to boost their signal
3. easier permission management, as its easier to add people

In order to do this we should:

1. update all our documentation to say to report vulns via the project own Security page docs: update vulnerability reporting to use GitHub Security #6475 docs: update security reporting to use GitHub Security Advisories .github#46
2. make sure the security page is enabled everywhere
3. pause submissions to the HackerOne program
4. finish handling all the remaining reports
5. finally close it

Are there any objections?