dotnet restore command notes that NuGetAudit only works with nuget.org

[zivkan]

https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-restore#audit-for-security-vulnerabilities

Currently nuget.org is the only package source that we're aware of that provides a vulnerability database for NuGet to run Audit with, however, NuGet will run Audit as long as any source provides the VulnerabilityInfo resource, as documented in the NuGet product's Server API documentation.

Additionally, I think it would be valuable to link to the NuGet product docs page on audit, so customers can get more info, see other options, etc: https://learn.microsoft.com/en-us/nuget/concepts/auditing-packages