Add assumption about the max value of `exponent`

[smol-ninja]

A Codehawk auditor asked a really good question about the max value of UD2x18.

Since its max value is capped by type(uint64).max, the exponent cannot represent a value bigger than 18.446744073709551615. Thus, we should add this in the Assumptions section of SECURITY.md:

In Lockup dynamic, the fixed-point representation of a segment's exponent does not exceed 18.446744073709551615.