Security team to do review of open CVEs as part of Weekly Ops and assign GH Issues for resolving in main

[kkhatua]

As part of the OpenSearch 3.4 retrospective one of the observations was to monitor the open CVEs on a weekly basis by the Security Response Team.

For now, I will be tagging the SRT members to include this into their process until an automated workflow can be created.

SRT: @shikharj05 @cwperks @kumargu @nibix @kkhatua

[cwperks]

@kkhatua in order to create a scalable process (as the default distribution of OpenSearch contains a staggering number of dependencies), I suggest we trial cybersecurity agents as they become available (see https://openai.com/index/introducing-aardvark/). In order to scale a process to triage whether opensearch is impacted by a CVE in a dependency I think agents would be very useful in this regard.