Ask the reporter to make the issue confidential
If the user is reporting a security issue, ask them to mark the report as confidential instead of sending emails to security-officer@isc.org.
The security report will end in the GitLab anyway and the charade with encrypted emails sent to security-officer@isc.org is just a security theather.