
docs(frontend): add security.txt

Open piprett opened this issue 1 year ago • 3 comments

Security.txt is a well-known (pun intended) file among security researchers, so they don't have to go scavenging for your security information. More information is available on securitytxt.org.

I've set the following values:

  • The email to contact with issues, [email protected].
  • Expiry is set to end of 2025.
  • English is the preferred language
  • The file is located at https://modrinth.com/.well-known/security.txt
  • The security policy is at https://modrinth.com/legal/security

The following values have been left unset:

  • PGP key. Modrinth doesn't have one AFAIK
  • Acknowledgments. Modrinth currently does not have a site where they thank reporters
  • CSAF, a Common Security Advisory Framework

piprett avatar Aug 22 '24 15:08 piprett
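The fields listed in the PR description map directly onto RFC 9116 directives (Contact, Expires, Preferred-Languages, Canonical, Policy). The following checker is an added example, not code from this PR or from the Modrinth project: it parses a security.txt body and flags the mistakes a maintainer most often ships (missing Contact or Expires, an Expires in the past or more than a year out, a duplicated Expires, non-https URIs). The sample file is constructed here; the contact address is a placeholder and the exact expiry timestamp is an assumption standing in for "end of 2025", while the Canonical and Policy URLs are the ones named in the description.

```python
"""Minimal RFC 9116 security.txt parser and sanity checker (added example)."""
from datetime import datetime, timedelta, timezone

# Constructed sample modelled on the fields described in the PR. The contact
# address is a placeholder and the expiry timestamp is assumed; the two URLs
# are the ones the PR description names.
SAMPLE_SECURITY_TXT = """\
# Modrinth security.txt (constructed sample)
Contact: mailto:security@example.com
Expires: 2025-12-31T23:59:59.000Z
Preferred-Languages: en
Canonical: https://modrinth.com/.well-known/security.txt
Policy: https://modrinth.com/legal/security
"""

REQUIRED = ("contact", "expires")
KNOWN = {"contact", "expires", "encryption", "acknowledgments",
         "preferred-languages", "canonical", "policy", "hiring", "csaf"}
# Fields whose values must be https URIs (Contact may also be mailto:/tel:).
URI_FIELDS = {"encryption", "acknowledgments", "canonical", "policy", "hiring", "csaf"}


def parse_security_txt(text):
    """Return ({field-name-lowercased: [values]}, [malformed lines])."""
    fields, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # comments and blank lines
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            malformed.append(raw)
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields, malformed


def parse_timestamp(value):
    """Parse an ISO 8601 / RFC 3339 timestamp such as 2025-12-31T23:59:59.000Z."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_security_txt(text, now=None):
    """Return (errors, warnings) for a security.txt body.

    `now` may be a timezone-aware datetime or an ISO 8601 string; it defaults
    to the current UTC time.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_timestamp(now)
    fields, malformed = parse_security_txt(text)
    errors, warnings = [], []

    errors += [f"malformed line: {bad!r}" for bad in malformed]
    for name in REQUIRED:
        if name not in fields:
            errors.append(f"missing required field: {name.title()}")

    expires = fields.get("expires", [])
    if len(expires) > 1:
        errors.append("Expires must appear exactly once")
    elif expires:
        try:
            exp = parse_timestamp(expires[0])
        except ValueError:
            errors.append(f"Expires is not an ISO 8601 timestamp: {expires[0]!r}")
        else:
            if exp <= now:
                errors.append(f"file expired on {exp.isoformat()}")
            elif exp - now > timedelta(days=365):
                warnings.append("Expires is more than a year away; RFC 9116 recommends less")

    for contact in fields.get("contact", []):
        if not contact.startswith(("mailto:", "tel:", "https://")):
            errors.append(f"Contact must be a mailto:, tel: or https: URI: {contact!r}")
    for name in URI_FIELDS:
        for value in fields.get(name, []):
            if not value.startswith("https://"):
                errors.append(f"{name} must be an https URI: {value!r}")

    if "canonical" not in fields:
        warnings.append("no Canonical field; add the URL the file is served from")
    if "encryption" not in fields:
        warnings.append("no Encryption field; reporters have no key to encrypt to")
    warnings += [f"unknown field: {name}" for name in fields if name not in KNOWN]
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_security_txt(SAMPLE_SECURITY_TXT)
    print("errors:", errs or "none")
    print("warnings:", warns or "none")
```

Run against the sample in mid-2025 the checker reports no errors and one warning (no Encryption field), which is exactly the gap the next comment in the thread raises; run after the expiry it reports the file as expired, the failure mode a fixed "end of 2025" date guarantees unless someone remembers to bump it.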

~~CI failure unrelated to PR, fixed in modrinth/code#2296~~

piprett avatar Aug 22 '24 16:08 piprett

generally this would be signed with a gpg signature belonging to the modrinth team that can be used for communication. additionally, modrinth already has a security policy on their website and security.md, so those should be standardized

pauliesnug avatar Aug 22 '24 17:08 pauliesnug

> generally this would be signed with a gpg signature belonging to the modrinth team that can be used for communication.

That's true, but also outside of my power. I'm also not sure how useful this would be? Whilst we want Modrinth to be secure, and that's important, nobody other than Jai should have access to [email protected]. I can't imagine any attacker going out of their way to intercept those emails, instead of just... looking for vulnerabilities?

> additionally, modrinth already has a security policy on their website and security.md, so those should be standardized

I'm not sure what you mean by "standardized"? I am already linking to the policy. There is also no security.md that I could find, besides ones linking to the policy on the website?

piprett avatar Aug 22 '24 17:08 piprett