Container-Security-Verification-Standard
Include `security.txt` requirement
Would it make sense to include a requirement concerning security.txt
labelling in images? Some organisations already do this, such as Atlassian.
```dockerfile
LABEL securitytxt=https://www.atlassian.com/.well-known/security.txt
```
This might fit into the "V1: Organizational" or "V5: Image Distribution" sections.
OWASP Application Security Verification Standard (ASVS) has the requirement listed in their "V1 Architecture, Design and Threat Modeling" section [1, 2].
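
One way such a requirement could be verified, as an added example that is not part of the original issue or of the CSVS project: a check over `docker inspect` output that the `securitytxt` label from the Atlassian example is present and well formed. The acceptance criteria (https scheme, `/.well-known/security.txt` path as in RFC 9116) and the sample images are assumptions made for this sketch.

```python
import json
from urllib.parse import urlsplit

LABEL_KEY = "securitytxt"  # label name taken from the Atlassian example above
WELL_KNOWN_PATH = "/.well-known/security.txt"  # location defined by RFC 9116

# Constructed sample of `docker inspect <image>` output, trimmed to the fields used.
SAMPLE_INSPECT = json.dumps([
    {"RepoTags": ["example/labelled:1.0"],
     "Config": {"Labels": {"securitytxt": "https://example.com/.well-known/security.txt"}}},
    {"RepoTags": ["example/plain-http:1.0"],
     "Config": {"Labels": {"securitytxt": "http://example.com/.well-known/security.txt"}}},
    {"RepoTags": ["example/wrong-path:1.0"],
     "Config": {"Labels": {"securitytxt": "https://example.com/security"}}},
    {"RepoTags": ["example/unlabelled:1.0"], "Config": {"Labels": None}},
])


def check_label(labels):
    """Return a list of problems with the securitytxt label; empty means it passes."""
    value = (labels or {}).get(LABEL_KEY)  # Labels is null when an image has none
    if not value:
        return [f"missing {LABEL_KEY} label"]
    url = urlsplit(value.strip())
    problems = []
    if url.scheme != "https":
        problems.append("URL is not https")
    if not url.hostname:
        problems.append("URL has no host")
    if url.path != WELL_KNOWN_PATH:
        problems.append(f"path is not {WELL_KNOWN_PATH}")
    return problems


def audit(inspect_json):
    """Map each image name to its list of problems."""
    report = {}
    for image in json.loads(inspect_json):
        name = (image.get("RepoTags") or [image.get("Id", "<unknown>")])[0]
        labels = (image.get("Config") or {}).get("Labels")
        report[name] = check_label(labels)
    return report


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

In a pipeline, the JSON would come from `docker inspect <image>` instead of the embedded sample.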