Update CVE policy by removing SBOM reference

Removed mention of software bill of materials (SBOM) in CVE policy.

Signed-off-by: rae sharp ♯ <8883519+tr0njavolta@users.noreply.github.com>

Author: tr0njavolta

docs/reference/cve-policy.md

@@ -100,8 +100,7 @@ CVEs.
 
 Upbound bundles Kubernetes, UXP, and other infrastructure components within
 Spaces. CVEs in bundled dependencies are evaluated and patched under the same
-SLAs as first-party CVEs. Upbound publishes a software bill of materials (SBOM)
-for each release to support customer vulnerability tracking.
+SLAs as first-party CVEs.
 
 **Spaces Support Lifecycle**