Add a security policy

[pnacht]

Fixes #179.

As described in the issue, this PR adds a security policy to the project.

It currently offers two means of reporting: via an email (currently a placeholder) or using GitHub's private reporting feature (which must be enabled to work). It also suggests a 90-day remediation timeline, which is pretty standard.

If you'd rather change something (only offer one reporting method, add an actual email, use an external website instead, change the timeline, etc), let me know and I'll happily modify the PR.

[pnacht]

@thockin Thanks for merging this PR. However, it currently includes a "???@???" placeholder for the email. Let me know if you want me to send another PR to fix that. Just let me know which email to use or if you'd rather just use GitHub's private reporting feature.

[thockin]

I followed up with a real email

…

On Mon, Apr 24, 2023, 6:19 AM Pedro Nacht ***@***.***> wrote: @thockin <https://github.com/thockin> Thanks for merging this PR. However, it currently includes a "???@???" placeholder for the email. Let me know if you want me to send another PR to fix that. Just let me know which email to use or if you'd rather just use GitHub's private reporting feature. — Reply to this email directly, view it on GitHub <#178 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABKWAVHV5FB6OQPJXQK6YQLXCZ4VLANCNFSM6AAAAAAW64OA2I> . You are receiving this because you were mentioned.Message ID: ***@***.***>