Responsible disclosure policy for security vulnerabilities?

[ThisIsMissEm]

Hi, currently this project doesn't use either the GitHub Security features nor have a Security.md or other information as to how to responsibly disclose security vulnerabilities to you. Whilst I haven't found a security vulnerability right now, having such a policy will help others disclose things to you safely.

For an idea of other security policies and more information, see here: https://nivenly.org/docs/programs/fediverse-security-fund/#eligible-fediverse-software