Note: for historical task protection to remain we need to usurp the /existing/ project used as an acl and create a second project for tagging purposes only. This is in the same spirit as T90491. We currently have [[ https://phabricator.wikimedia.org/maniphest/query/8wTH1EjH3ysd/#R | hundreds of tasks ]] that would be useful for volunteers to follow tagged with #security. Related [[ https://phabricator.wikimedia.org/phame/post/view/187/changes_to_security_team_workflow/ | blog post ]].
[x] Determine #Security access subgroups
[x] Create first subproject of acl*security_volunteer (this will inherit all users)
[x] Create subsequent subprojects and add members as appropriate
[x] Create a new security project for tagging only (#security-related)
[x] Add #security-related to all exting tasks tagged with #security
[x] add a herald rule to add #security-related to all tasks if tagged with #security (H353)
[x] Add all members of original security project to transitional security-related
[ ] update security forms
[ ] remove #security from all tasks as a tag
[ ] Update `protect as security issue` to use acl*security (since this is by name and not phid)
[ ] rename #security to #acl*security (remove `security` alias)
[ ] rename `security-related` to `security`
[ ] Update Security task type with new ACL
[ ] update anywhere else?
## Add new tag in place of old #security which is now an ACL only