Tweak CEL expression docs (#19)

Clearly separates expression usages for policy conditions from those for notification filters.

Adds a general CEL reference that both contexts can refer to instead of duplicating the same information across pages.

Signed-off-by: nscuro <nscuro@protonmail.com>

Author: nscuro

docs/concepts/vulnerability-policies.md

@@ -1,7 +1,7 @@
 # About vulnerability policies
 
 Vulnerability policies let organisations encode how specific vulnerabilities should be triaged across
-the portfolio. Where a [standard policy](../reference/vulnerability-policies.md) raises violations, a vulnerability policy acts
+the portfolio. Where a [standard policy](../reference/policies/index.md) raises violations, a vulnerability policy acts
 on the finding itself. It applies an analysis (state, justification, vendor response, details),
 optionally overrides the vulnerability's ratings, and can suppress the finding altogether.
 
@@ -65,7 +65,7 @@ time-bounded policies for temporary suppressions, embargoes, or phased rollouts.
 ### Operation Modes
 
 Every policy has an operation mode that determines what happens when its condition matches.
-Refer to the [operation modes reference](../reference/vulnerability-policies.md#operation-modes)
+Refer to the [operation modes reference](../reference/policies/index.md#operation-modes)
 for the full list.
 
 *Log* mode is particularly useful when introducing a new policy. It lets you observe how often a
@@ -74,7 +74,7 @@ to *Apply*.
 
 ## Further Reading
 
-* [Vulnerability policies reference](../reference/vulnerability-policies.md) for field
+* [Vulnerability policies reference](../reference/policies/index.md) for field
   definitions, condition variables, the bundle YAML schema, and sync rules.
 * [Managing vulnerability policies](../guides/user/managing-vulnerability-policies.md)
   for step-by-step procedures.

docs/guides/user/managing-vulnerability-policies.md

@@ -6,7 +6,7 @@ permission is `POLICY_MANAGEMENT`, or one of the finer-grained `POLICY_MANAGEMEN
 
 For background on what vulnerability policies are and how they work, see the
 [concepts page](../../concepts/vulnerability-policies.md). For field definitions and the bundle YAML
-schema, see the [reference page](../../reference/vulnerability-policies.md).
+schema, see the [reference page](../../reference/policies/index.md).
 
 ![Vulnerability policy list](./images/managing-vulnerability-policies/vuln-policies_list.png)
 
@@ -38,7 +38,7 @@ read-only and must be changed at the bundle source.
 ## Configuring the Bundle Source
 
 Configure the bundle URL and (optionally) credentials on the API server. Refer to the
-[bundle configuration properties](../../reference/vulnerability-policies.md#bundle-configuration)
+[bundle configuration properties](../../reference/policies/index.md#bundle-configuration)
 for the full list.
 
 Once the URL is configured, Dependency-Track fetches the bundle on the configured schedule. A bundle

docs/reference/.pages

@@ -7,7 +7,7 @@ nav:
   - Notifications: notifications
   - Vulnerability analysis:
     - Vulnerability analyzers: analyzers.md
-    - Vulnerability policies: vulnerability-policies.md
+    - Vulnerability policies: policies
   - CEL expressions: cel-expressions.md
   - Access control:
     - Permissions: permissions.md