ref-manual: add missing CVE_CHECK manifest variables

Variables that can be used for toggling creation of manifest and
specifying the path to the output in the deploy directory.

(From yocto-docs rev: fb462c47bb15522cc02642fe51f39c8e15044957)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 14131a42a7ea8bbae2165c1b8dbcabd5f28b2b22)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

documentation/ref-manual/variables.rst

@@ -1521,6 +1521,10 @@ system and gives an overview of their function and contents.
          variable only in certain contexts (e.g. when building for kernel
          and kernel module recipes).
 
+   :term:`CVE_CHECK_CREATE_MANIFEST`
+      Specifies whether to create a CVE manifest to place in the deploy
+      directory. The default is "1".
+
    :term:`CVE_CHECK_IGNORE`
       The list of CVE IDs which are ignored. Here is
       an example from the :oe_layerindex:`Python3 recipe</layerindex/recipe/23823>`::
@@ -1528,6 +1532,10 @@ system and gives an overview of their function and contents.
          # This is windows only issue.
          CVE_CHECK_IGNORE += "CVE-2020-15523"
 
+   :term:`CVE_CHECK_MANIFEST_JSON`
+      Specifies the path to the CVE manifest in JSON format. See
+      :term:`CVE_CHECK_CREATE_MANIFEST`.
+
    :term:`CVE_CHECK_REPORT_PATCHED`
       Specifies whether or not the :ref:`ref-classes-cve-check`
       class should report patched or ignored CVEs. The default is "1", but you
@@ -9554,4 +9562,3 @@ system and gives an overview of their function and contents.
 
       On systems where many tasks run in parallel, setting a limit to this
       can be helpful in controlling system resource usage.
-