SECURITY.md: remove references to security@containerd.io

The list is full of spams; legit reports are often overlooked.

Now vulnerabilities should be reported via GHSA forms, e.g.,
https://github.com/containerd/containerd/security/advisories/new

Fix issue 127

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

SECURITY.md

@@ -2,9 +2,7 @@
 
 ## Reporting a Vulnerability
 
-To report a containerd vulnerability, either:
-
-1. Report it on Github directly:
+To report a containerd vulnerability:
 
     Navigate to the security tab on the repository
     ![Github Security Tab](./img/Security-Tab.png)
@@ -15,9 +13,6 @@ To report a containerd vulnerability, either:
     Click on 'Report a vulnerability'
     ![Report a vulnerability](./img/Report-A-Vulnerability.png)
 
-2. Send an email to `security@containerd.io` detailing the issue and steps
-to reproduce.
-
 The reporter(s) can expect a response within 24 hours acknowledging
 the issue was received. If a response is not received within 24 hours, please
 reach out to any committer directly to confirm receipt of the issue.
@@ -57,7 +52,6 @@ the security announce mailing list. Indirect users who use containerd through a
 vendor are not expected to join, but should request their vendor join. To join
 the mailing list, the individual or organization must be sponsored by either a
 containerd committer or security advisor as well as have a record of properly
-handling non-public security information. If a sponsor cannot be found,
-sponsorship may be requested at `security@containerd.io`. Sponsorship should not
-be requested via public channels since membership of the security announce list
-is not public.
+handling non-public security information.
+Sponsorship should not be requested via public channels since membership of the
+security announce list is not public.