docs(security): extend security policy #1142

Merged
merged 2 commits into from
May 14, 2025

Conversation

janderssonse
Contributor

@janderssonse janderssonse commented May 11, 2025

Description

This PR adds a SECURITY.md file, battle tested in other projects and orgs (the construct is CC0, i.e. public domain, for example from here https://raw.githubusercontent.com/itiquette/git-provider-sync/refs/heads/main/SECURITY.md, so just reuse). I removed the (404) link to the advisory, as that information is more aimed at a developer/maintainer than at a user of the project.

Motivation and Context

A SECURITY.md would help anyone assessing the project for use, give a hint of how it handles critical non-public security issues, and give anyone a clear instruction on how to report them non-publicly.

This policy basically says "send your findings, and we will see if we handle them, we will notify you".

NOTE: there is a <...> in the text, where the preferred channel for reporting should be added. I left that for you (or tell me what to add there, and I'll rebase with that).

Also, discussed in #1141

closes #1141

How Has This Been Tested?

In other projects, with similar texts.

Screenshots / Logs (if applicable)

Types of Changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation (no code change)
  • Refactor (refactoring production code)
  • Other

Checklist:

  • My code follows the code style of this project.
  • I have updated the documentation accordingly.
  • I have formatted the code with rustfmt.
  • I checked the lints with clippy.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@janderssonse janderssonse requested a review from orhun as a code owner May 11, 2025 11:36
welcome bot commented May 11, 2025

Thanks for opening this pull request! Please check out our contributing guidelines! ⛰️

@janderssonse janderssonse force-pushed the fix/add-security-policy branch from 449089d to e8cd58a Compare May 11, 2025 11:37

codecov-commenter commented May 11, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 40.04%. Comparing base (8c499c6) to head (d335ca0).
Report is 1 commit behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1142      +/-   ##
==========================================
- Coverage   40.09%   40.04%   -0.05%     
==========================================
  Files          21       21              
  Lines        1911     1911              
==========================================
- Hits          766      765       -1     
- Misses       1145     1146       +1     
Flag Coverage Δ
unit-tests 40.04% <ø> (-0.05%) ⬇️

Owner

@orhun orhun left a comment

Thanks!

SECURITY.md (Outdated), on the lines:

    # Security Policy
    # Security Reporting
Owner
Should we maybe keep the old policy and add a new section as "Reporting" instead? I kinda find the previous page useful in terms of letting people know which versions of the project will support security updates.

Contributor Author
Agree 100%, and it is still in; look in the diff under "## Supported Versions".

Contributor Author

@janderssonse janderssonse May 11, 2025

But let me know if it should be on top, right now it is the second heading.

Signed-off-by: Josef Andersson <janderssonse@proton.me>
@janderssonse janderssonse force-pushed the fix/add-security-policy branch from e8cd58a to 8d10404 Compare May 11, 2025 12:59
Contributor Author

janderssonse commented May 11, 2025

Thanks!

No, such a small contribution, but many thanks to you for git-cliff!! :) :)

Owner

@orhun orhun left a comment

LGTM!

@orhun orhun merged commit 4c3c946 into orhun:main May 14, 2025
82 of 83 checks passed
welcome bot commented May 14, 2025

Congrats on merging your first pull request! ⛰️

Successfully merging this pull request may close these issues.

Click on the link in SECURITY.md will give a 404