Add a "security team advisory coverage" field to projects to indicate whether or not they're opted into the process

Phase 1 of #2666584: [Community Initiative Proposal] Project Applications Process Revamp involves decoupling the security team process from the creation of full projects and releases by making it an opt-in process.

This issue is for creating a security team advisory coverage field - which will indicate whether a project has opted into the process.

Implementation details:
Phase 1:

• Add a "security team advisory coverage" field to projects to indicate whether or not they're opted into the process
• Mass update all existing full projects with stable releases to indicate they are 'covere'd ^^ in the new field
• Projects that are not covered should display a warning
• Create a D8 core patch to indicate that opt-in to coverage status in the update status information
  • #2766491: Update status should indicate whether installed contributed projects receive security coverage
• Backport patch to D7

Phase 2: Set up the opt-in process

• Allow security team members to update the security advisory coverage field on projects
• Rename the current 'git vetted' role to something like 'May opt-in to security advisory coverage' <- security team can set up their opt in process to receive that
  • This is an evolution of what was originally planned in: #2035235: Add a permission for creating stable releases, and grant to “git vetted” users
• Allow node owners of projects with the 'May opt-in...' role to update the advisory coverage field to opt-in.