chore: add SECURITY.md

Author: bjaus

SECURITY.md

@@ -0,0 +1,24 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please use GitHub's private vulnerability reporting:
+
+1. Go to the **Security** tab of this repository
+2. Click **"Report a vulnerability"**
+3. Fill out the form with details about the issue
+
+This creates a private discussion where we can work on a fix before public disclosure.
+
+## What to Include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Any suggested fixes (optional)
+
+## Response Timeline
+
+- **Initial response:** Within 48 hours
+- **Status update:** Within 7 days
+- **Fix timeline:** Depends on severity, typically within 30 days for critical issues