Add explicit mention to look for bypasses in the security engineer fix verification procedure

This is something we probably all know we should do, but following the recent problems with project import and the bypass found for a solution we knew wasn't perfect I figured an explicit mention in the procedure wouldn't hurt.