
Create a how-to guide for addressing a new CVE #296

@mike-solomon

Description


Tim asked about this here: https://moderneinc.slack.com/archives/C045V3G92K1/p1754498680968639

He suggested the following steps:

  • Recipe to analyze problematic version usage at all, and where
  • Recipe to find method usages, as detailed in the CVE
  • Recipe to bump dependency version, if that's enough to address the issue
  • Recipe to weave some code around method usage, when needed for remediation

He also suggested creating an accompanying repository that has a few CVEs in separate modules - with recipes and code samples for fixes for various scenarios.

Blockers

I struggled to find examples of what recipes to run. I tried looking for Log4Shell vulnerabilities and couldn't find anything. I asked Moddy about it and it couldn't find anything. Many of the repos I was looking at even said they had Log4Shell vulnerabilities - so no idea why we couldn't find it.

I then tried looking for SnakeYAML - but saw no recipes for upgrading from 1.x to 2.x. Similar to before, Moddy could not provide any details about it.

Tim offered to provide more details when he has time - which I think will be necessary for this to progress.

Metadata


Labels

awaiting response (Waiting for follow-up response), blocked (When an issue can't be worked on right now)
