Implementing Checks to tool CVE handling process

[rpelisse]

... which also means gathering requirements on said process :)

[wolfc]

First thing to keep in mind is that embargoed CVEs are not visible to the jboss-set account. They are only visible (as it should be) to specific authorized people.