fluid
[DOC] Place a security policy file SECURITY.md to make it easily discoverable by a vulnerability reporter.
Place a security policy file SECURITY.md in the root directory of your repository. This makes it easily discoverable by a vulnerability reporter.
The file should contain information on what constitutes a vulnerability and a way to report it securely (e.g. issue tracker with private issue support, encrypted email with a published public key). Follow the coordinated vulnerability disclosure guidelines to respond to vulnerability disclosures.
For GitHub, see more information here.