Document when we will update dependencies with CVEs

[jamietanna]

Similar to #7, but we should document when/how we'll update vulnerable versions of our dependencies.

Related:

• Vulnerability CVE-2024-44337 is detected one of the dependency github.com/gomarkdown/markdown runtime#64
• CVE-2023-42821 oapi-codegen#1304
• Update transitive markdown parser dependency runtime#12

[jamietanna]

Closed by oapi-codegen/.github#5 - https://github.com/oapi-codegen/.github/blob/HEAD/SECURITY.md#cves-in-dependencies