I suggest the wizard store the security contact as contract meta in the wasm contract for Stellar contacts. It would mean adding a line like so to the generated contract:

contractmeta!(key = "security-email", val = "<email goes here>");

Today when entering a security contact when generating a Stellar contract with the wizard, the contact information is stored only as a comment in the code that does not end up into the compiled wasm contract.

While the email is discoverable via a contract's code, if for any reason the code can't be found, or was not linked correctly via the current code build verification on Stellar, the email will not be discoverable.

If the email is stored in meta it will be findable in a more reliable way, and can be found programmability by things like block explorers to display alongside programs.

The contractmeta macro demonstrated above is defined here: https://docs.rs/soroban-sdk/latest/soroban_sdk/macro.contractmeta.html.

The key can be any value, and there is currently no standard for specifying a security contact, so whatever key seems most appropriate can be used and use by the wizard could start to organically create a standard.