Issue #3094817 by nicxvan, quietone, prudloff: Add a SECURITY.md explaining how to report security vulnerabilities properly