Documentation: security-bugs.rst: clarify CVE handling

commit 3c1897ae upstream.

The kernel security team does NOT assign CVEs, so document that properly
and provide the "if you want one, ask MITRE for it" response that we
give on a weekly basis in the document, so we don't have to constantly
say it to everyone who asks.

Link: https://lore.kernel.org/r/2023063022-retouch-kerosene-7e4a@gregkh


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>