Docs: link Security Policy from awesome-list troubleshooting reply

[aaronlab]

Why

The awesome-list submission notes include a troubleshooting reply for reviewer follow-up, local first-run issues, CI failures, and AI/coding-agent debugging. That reply should route security-sensitive reports or private trace data to the Security Policy before anyone posts details publicly.

Scope

Update docs/launch/github-awesome-list-submissions.md in the Troubleshooting Reply section with a short note that links SECURITY.md and tells contributors to use the private security path before sharing sensitive details publicly. Keep the existing JSON CLI diagnostics and First PR Recipe links.

Contributor coordination

If you want to work on this, comment here first. Maintainers will treat that comment as an active claim and leave a short claim window before taking the same issue directly.

Acceptance criteria

• docs/launch/github-awesome-list-submissions.md links SECURITY.md from the troubleshooting reply area.
• The note mentions security-sensitive reports or changes and private trace data.
• Add or update a metadata test so this guidance does not regress.
• Do not add any request for stars, upvotes, reposts, or promotional engagement.

Suggested verification

uv run --python 3.11 --extra dev pytest -q tests/test_metadata.py -k awesome_list_submission
uv run --python 3.11 --extra dev pytest -q tests/test_metadata.py
uv run --python 3.11 --extra dev pytest -q
git diff --check

[aaronlab]

Rotated this issue into the current contribution path.

Evidence:

• BrowserTrace rotation commit: 9f7249d (docs: rotate good first issue to 223).
• Profile rotation commit: 04a8c25 (docs: rotate browsertrace good first issue).
• Local focused rotation check: uv run --python 3.11 --extra dev pytest -q tests/test_metadata.py -k "github_profile_draft_links_current_trial_and_contribution_paths or readme_links_contributor_guide_near_contributing or contributing_includes_first_pr_recipe or llms_txt_points_to_current_contribution_path or press_kit_includes_current_trial_and_contribution_paths or response_templates_link_first_pr_recipe_for_small_contributions or directory_submission_sheet_links_first_pr_recipe_for_small_contributions or product_hunt_packet_includes_current_trial_and_contribution_paths or show_hn_packet_links_current_good_first_issue or channel_copy_links_first_pr_recipe_for_small_contributions or tutorial_post_links_first_pr_recipe_for_small_contributions or chinese_tutorial_post_links_first_pr_recipe_for_small_contributions or owner_next_actions_link_first_pr_recipe_for_small_contributions or chinese_owner_next_actions_link_first_pr_recipe_for_small_contributions or outreach_targets_link_first_pr_recipe_for_small_contributions or search_indexing_submission_links_first_pr_recipe_for_small_contributions or awesome_list_submission_notes_link_first_pr_recipe_for_contributors or launch_control_room_has_current_audit_and_uvx_fallback or owner_next_actions_preserves_external_awesome_list_pr_numbers" -> 19 passed, 184 deselected.
• Local metadata suite: uv run --python 3.11 --extra dev pytest -q tests/test_metadata.py -> 203 passed.
• Local full suite: uv run --python 3.11 --extra dev pytest -q -> 285 passed.
• git diff --check -> clean for BrowserTrace and profile repos.
• Remote CI: 25626929745 success.
• Remote Pages: 25626929748 success.

Leaving this open as the current good-first contribution path.

[aqilaziz]

I can take this one. I'll update the troubleshooting reply to link SECURITY.md and add the metadata coverage requested.

[aaronlab]

Thanks @aqilaziz, go ahead.

I will leave #223 open for you and will not rotate or implement it myself before 2026-05-11 12:00 UTC. A small focused PR that updates the awesome-list troubleshooting reply plus the matching metadata coverage is exactly the right scope.