[phb:security] Fix vuln.xml testing procedure

Summary:
In [[https://svnweb.freebsd.org/ports?view=revision&revision=562203|r562203]]
and [[https://svnweb.freebsd.org/ports?view=revision&revision=562203|r562204]] the vuln.xml file was split by year.

As stated in the commit message, `pkg(8) audit` does not support entities and hence,
we need to use the vuln-flat.xml file to test changes to the port.

Test Plan:
* Try something like this:

```
$ pkg audit -f ./vuln.xml gitea-1.13.4
pkg: Syntax error while parsing vulnxml
pkg: cannot process vulnxml
```

and then:

```
$ pkg audit -f ./vuln-flat.xml gitea-1.13.4
0 problem(s) in 0 installed package(s) found.
```

After the patch:

* `igor` clean
* The documentation is rendered properly.

Reviewers: 0mp, gbe

Differential Revision: https://reviews.freebsd.org/D29219
main
Fernando Apesteguía 3 years ago
parent db11de18f3
commit bf79ecf9cf
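An added illustration of the point the summary makes, not code from this commit or from the FreeBSD project: a parser that does not resolve external entities rejects a vuln.xml that is stitched together from per-year files through entities, while a flattened copy, in which the per-year fragments have been substituted in place, parses normally. The file layout, the `vuln-YYYY.xml` names and the textual expansion done by `flatten()` are assumptions standing in for what `make vuln-flat.xml` produces; the VuXML entries themselves are constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the split layout: the top-level file pulls the
# per-year files in through external entities (assumed layout, not the real file).
VULN_XML = """<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE vuxml [
<!ENTITY vuln-2021 SYSTEM "vuln-2021.xml">
<!ENTITY vuln-2020 SYSTEM "vuln-2020.xml">
]>
<vuxml>
&vuln-2021;
&vuln-2020;
</vuxml>
"""

# Constructed per-year fragments; the dict keys play the role of files on disk.
PARTS = {
    "vuln-2021.xml": '<vuln vid="example-2021-0001"><topic>example -- 2021 issue</topic></vuln>\n',
    "vuln-2020.xml": '<vuln vid="example-2020-0001"><topic>example -- 2020 issue</topic></vuln>\n',
}

ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+SYSTEM\s+"([^"]+)"\s*>')
DOCTYPE = re.compile(r"<!DOCTYPE[^\[]*\[.*?\]>\s*", re.S)


def flatten(doc, parts):
    """Expand each external entity reference textually and drop the DOCTYPE.

    This is an assumed model of what `make vuln-flat.xml` does; it is not the
    project's implementation.
    """
    decls = dict(ENTITY_DECL.findall(doc))
    flat = DOCTYPE.sub("", doc)
    for name, path in decls.items():
        if path not in parts:
            raise FileNotFoundError(f"entity {name} refers to missing file {path}")
        flat = flat.replace(f"&{name};", parts[path])
    return flat


def parses(doc):
    """True if ElementTree accepts the document.

    ElementTree does not resolve external entities, so a reference such as
    &vuln-2021; is reported as an undefined entity, mirroring the
    "Syntax error while parsing vulnxml" that pkg audit gives on the split file.
    """
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def count_vulns(doc):
    """Number of <vuln> entries visible to a parser that takes the document as-is."""
    return len(ET.fromstring(doc).findall("vuln"))


if __name__ == "__main__":
    print("split vuln.xml parses:", parses(VULN_XML))
    flat = flatten(VULN_XML, PARTS)
    print("vuln-flat.xml parses:", parses(flat), "entries:", count_vulns(flat))
```

Running it shows the split document rejected and the flattened one accepted with both entries present, which is why the procedure has to audit against vuln-flat.xml rather than vuln.xml.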

@ -198,6 +198,14 @@ Verify its syntax and formatting:
% make validate
....
The previous command generates the [.filename]#vuln-flat.xml# file. It can also
be generated with:
[source,bash]
....
% make vuln-flat.xml
....
[NOTE]
====
At least one of these packages needs to be installed: package:textproc/libxml2[], package:textproc/jade[].
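Review bot: the new sentence says that `make validate` generates vuln-flat.xml but not why the reader must audit against that file instead of vuln.xml; the commit summary gives the reason (pkg(8) audit does not support entities, so the split vuln.xml cannot be fed to `pkg audit -f`), and stating it here in a half sentence would stop readers from reaching for vuln.xml as the later steps used to do. Also, with the `make vuln-flat.xml` alternative inserted just above the [NOTE] about package:textproc/libxml2[] and package:textproc/jade[], say whether that requirement applies to both targets or only to `make validate`.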
@ -207,7 +215,7 @@ Verify that the `<affected>` section of the entry will match the correct package
[source,bash]
....
% pkg audit -f ${PORTSDIR}/security/vuxml/vuln.xml dropbear-2013.58
% pkg audit -f ${PORTSDIR}/security/vuxml/vuln-flat.xml dropbear-2013.58
....
Make sure that the entry produces no spurious matches in the output.
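Review bot: the command now points at `${PORTSDIR}/security/vuxml/vuln-flat.xml`, which the previous section describes as a generated file, so this step only works after `make validate` (or `make vuln-flat.xml`) has been run; a short reminder of that dependency here would spare readers the `pkg: Syntax error while parsing vulnxml` / "cannot process vulnxml" failure they get if they fall back to vuln.xml.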
@ -216,7 +224,7 @@ Now check whether the right package versions are matched by the entry:
[source,bash]
....
% pkg audit -f ${PORTSDIR}/security/vuxml/vuln.xml dropbear-2013.58 dropbear-2013.59
% pkg audit -f ${PORTSDIR}/security/vuxml/vuln-flat.xml dropbear-2013.58 dropbear-2013.59
dropbear-2012.58 is vulnerable:
dropbear -- exposure of sensitive information, DoS
CVE: CVE-2013-4434
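Review bot: the sample output under the changed command still reads `dropbear-2012.58 is vulnerable:` while the command queries dropbear-2013.58 and dropbear-2013.59; the 2012 versus 2013 mismatch predates this change, but since the command line is being edited anyway the output line should be brought into agreement (`dropbear-2013.58 is vulnerable:`). It would also help to say that only one of the two queried packages is expected to be listed, so readers understand the absence of dropbear-2013.59 as the intended effect of the version range in the `<affected>` section rather than as a failed audit.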