Document security policy #4048
Description
Requesting that either the GHSA functionality of this repository is enabled, or a SECURITY.md is added that documents the process for responsible disclosure of security issues.
Right now, struggling to find out what that policy is, and public-facing issues do not feel sensible for this kind of disclosure.
Many thanks in advance.