With the realization that the top 10 focuses on the risks that vulnerabilities, I recommend changing our template and the content of the Top 10 to match.
The TL;DR
Go to the OWASP Top 10 page and the first 2 sentences read:
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
I agree that this makes sense, but think we need to reach consensus. In the meantime though, I've updated the style guide and the template for entries to swap out this wording in favor of risk, so folks can see what that looks like. (I did NOT update the entries for 1.1 to match, but feel we probably can do that for the next sprint if folks agree to this change).
My detailed reasoning is in this document: risks-vs-vulnerabilities.md