Add a security policy for vulnerability disclosure #371
Description
According to the 'A security policy is published and followed for vulnerability disclosure and response' item in TAC Security Baseline we need a SECURITY.md like this example.. We should also enable private Github security reporting.