doc: force vulnerability report to be created as confidential