add a security policy

Author: yaperez-anssi

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in the recommandations included in
+this guide, please help us address it responsibly by following these steps:
+
+1. **Do not publicly disclose the vulnerability.**
+2. Contact us directly at
+   [opensource@ssi.gouv.fr](mailto:opensource@ssi.gouv.fr) with the following
+   details:
+   - A clear description of the issue.
+   - Steps to reproduce the vulnerability.
+   - Any potential impact or exploit scenarios.
+
+Thank you for helping us keep this project secure!