Provide a channel for responsible reporting of security findings

[tjs-intel]

Recommendation: add a SECURITY.md file to this repository with instructions on how to privately report security findings.

[drdavella]

Hi @tjs-intel this repository is already configured to enable private reporting of security findings however you are correct in saying that we should include a SECURITY.md as a guide for responsible disclosure.