Document and/or establish a process for responsibly disclosing security vulnerabilities

[james7132]

How can Bevy's documentation be improved?

We currently do not have an appropriate venue for responsibly managing and disclosing security vulnerabilities affecting Bevy.

GitHub has native support for this apparently: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository. Though we may want to go through our own contact channels (i.e. a Bevy org associated email address).