Add SECURITY.md with vulnerability reporting instructions

## Summary
Add a security policy file documenting how to report security vulnerabilities.

## Why
- Provides clear path for responsible disclosure
- Required for many enterprise users
- GitHub displays this in the "Security" tab

## Suggested Contents
- Supported versions
- How to report a vulnerability (private disclosure method)
- Expected response timeline
- What information to include in reports
- Out-of-scope issues

## Example Structure
\`\`\`markdown
# Security Policy

## Reporting a Vulnerability

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them via email to security@astronomer.io.

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes

We will respond within 48 hours and provide a timeline for resolution.
\`\`\`

## Priority
**Medium** - Important for enterprise adoption

---
*From PR #24 open-source readiness review*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SECURITY.md with vulnerability reporting instructions #30

Summary

Why

Suggested Contents

Example Structure

Security Policy

Reporting a Vulnerability

Priority

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add SECURITY.md with vulnerability reporting instructions #30

Description

Summary

Why

Suggested Contents

Example Structure

Security Policy

Reporting a Vulnerability

Priority

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions