As specified in REP-2004, all Quality Level 1 and 2 packages must have a Vulnerability Disclosure Policy. This is currently in progress as REP-2006 at ros-infrastructure/rep#262. Once that is finalized, we will merge it and it will be a "live" REP.
In the meantime, we will open up draft PRs that add a pointer to the eventual location of REP-2006 to all of the packages that are aiming for Quality Level 1 and 2. This ticket is a meta-ticket to track those open PRs. Note that there is no checklist here; just the fact of the PR being open and mentioning this issue is how we'll track them. Once REP-2006 is in, and all of the linked tickets are in, we can close this tracking issue.