docs: add SECURITY.md

All new NGINX projects are created from the template repository which
has a SECURITY.md file in it. This adopts the file.

NOTE; We wrap the file around the 76-78 character mark for consistency
and readability.

Link: <https://github.com/nginxinc/template-repository>
Closes: #1408
Signed-off-by: Gabor Javorszky <[email protected]>
[ Tweaked commit message - Andrew ]
Signed-off-by: Andrew Clayton <[email protected]>

Author: javorszky

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Latest Versions
+
+We advise users to run or update to the most recent release of this
+project. Older versions of this project may not have all enhancements
+and/or bug fixes applied to them.
+
+## Reporting a Vulnerability
+
+The F5 Security Incident Response Team (F5 SIRT) has an email alias that
+makes it easy to report potential security vulnerabilities:
+
+- If you’re an F5 customer with an active support contract, please
+contact [F5 Technical Support](https://www.f5.com/services/support).
+- If you aren’t an F5 customer, please report any potential or current
+instances of security vulnerabilities with any F5 product to the
+F5 Security Incident Response Team at <[email protected]>.
+
+For more information please read the F5 SIRT vulnerability reporting
+guidelines available at [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability).