Encode Security Policy

[Kludex]

The idea of this discussion is to propose a security policy on which people can reach members in case of potential security issues.

On the last months, we had two security issues (that I'm aware):

• Some URL can make httpx use URL with wrong info httpx#2184
• Revert "Allow staticfiles to follow symlinks outside directory" #1681

How can we create a secure communication channel for people to reach us easily?

1. Create a team on GitHub to which a group of selected members have access, and people who wished to report an issue can ask to join the team, and create a discussion there.

2. Create an email group on which a group of selected members can freely receive potential security issue concerns.
3. Another?

cc @tomchristie @encode/maintainers

[Kludex]

Our security policy is here.