VRP: clarify Email resolution strategy + enforce appropriate PGP keys for respective addresses

[anonimal]

As noted in https://github.com/monero-project/meta/pull/163:

When explicitly mentioning the acceptance of emails for vulnerability reports, you should also try to handle them.

In fact, all three PGP keys for Monero mentioned here (this goes to @fluffypony, @luigi1111, @moneromooo-monero) are not linked to the email address provided, making it even harder to grasp how to properly report a vulnerability by email. (My mail app doesn't allow to encrypt mails to A using a key for B, if B is not linked to A).

See #163 for details.