Add Security Policy

[gabibguti]

Adding a Security Policy is important as it provides guidance on how to report potential vulnerabilities and inform the vulnerabilities disclosure window for this repo.

I recently recommended #132 and, like that change, this one also security-related.

If you agree, I can open a PR to suggest a Security Policy, and we can work together to communicate how the repo can best handle vulnerability reports.

Additional Context

Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)

[r-hang]

Hey @gabibguti do you have some examples of what a security policy might look like? We're interested in learning more!

[gabibguti]

@r-hang Yes! Here are a few examples:
https://github.com/emscripten-core/emscripten/security/policy
https://github.com/dustin/go-humanize/security/policy
https://github.com/Cyan4973/xxHash/security/policy

[gabibguti]

Hi! Friendly ping here. Are you still planning on working on this change? Otherwise we can close as not planned for now :)

[sywhang]

Thanks @gabibguti for the ping. There is an ongoing security policy that's pending some review. We'll leave this issue open as we'll be putting the security policy in place for all repos.