Add SECURITY.md with security policy and guidelines

This document outlines the security policy, supported versions, and reporting procedures for vulnerabilities.

Author: danez

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+grunt-webpack encourages users to upgrade to the [latest version](https://github.com/danez/grunt-webpack/releases).
+
+Only the latest released version of grunt-webpack is actively supported. When reporting bugs or security issues, we encourage you to first upgrade to the latest version and confirm that the problem still exists.
+
+We patch bugs and security relevant issues in the latest version and recommend upgrading. grunt-webpack goes to great length to ensure backwards compatibility so upgrading is almost always painless.
+
+We will backport security fixes if needed to the last 4 previous major versions.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| [v7](https://github.com/danez/grunt-webpack/releases) | :white_check_mark: |
+| [v6](https://github.com/danez/grunt-webpack/releases) | :white_check_mark: |
+| [v5](https://github.com/danez/grunt-webpack/releases) | :white_check_mark: |
+| [v4](https://github.com/danez/grunt-webpack/releases) | :white_check_mark: |
+| [v3](https://github.com/danez/grunt-webpack/releases) | :white_check_mark: |
+| v2 or older   | :x:                |
+
+## Reporting a Vulnerability
+
+Security vulnerabilities should be reported by drafting a [Security Advisory](https://github.com/danez/grunt-webpack/security/advisories/new) directly on github or through [Tidelift](https://tidelift.com/docs/security).
+
+You can also reach out to the maintainer directly at Keybase `@danez_gh` or Matrix `@danez_gh:matrix.org`