Fix a missing link in the vulnerability runbook (#10818)

Author: abrown

docs/security-vulnerability-runbook.md

@@ -64,11 +64,13 @@ is created these steps are followed:
    it, and that's ok, but try to get the ones that may have common failures.
    This is required because CI doesn't run on private forks.
 
-10. **Open version bump PRs on the public repository**. Use the
-    [online trigger][ci-trigger] for this workflow to open PRs for all versions
-    that are going to be patched. DO NOT include patch notes or release notes
-    for this fix. Use this time to fix CI by landing PRs to the release branches
-    separate from the version bump PR. DO NOT merge the version bump PR.
+10. **Open version bump PRs on the public repository**. Use the [online trigger]
+    for this workflow to open PRs for all versions that are going to be patched.
+    DO NOT include patch notes or release notes for this fix. Use this time to
+    fix CI by landing PRs to the release branches separate from the version bump
+    PR. DO NOT merge the version bump PR.
+
+[online trigger]: https://github.com/bytecodealliance/wasmtime/actions/workflows/release-process.yml
 
 11. **Manually make PRs on release day**. DO NOT merge via the security
     advisory. This has generally not worked well historically because there's