Add SECURITY.md

[zidingz]

trafficstars

Hey there!

I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[ibrierley]

It's typically quite quiet these days, @DmitryBaranovskiy is the one who would normally deal with anything major, so you could try him first, but haven't heard anything for a while. I may be able to take a peek if you need some feedback, but I haven't worked on Snap for a while.