docs: Add GitHub issue templates

Added comprehensive issue templates aligned with safe-formdata's security boundary:

- Bug report template with scope confirmation checkboxes
- Security issue template for non-sensitive concerns
- Config with links to Security Advisories, Discussions, and documentation

All templates enforce boundary awareness and reference SECURITY.md for triage decisions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>")

Author: roottool

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,47 @@
+name: Bug Report
+description: Report a bug within the FormData parsing boundary
+title: "[Bug]: "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        safe-formdata defines a **strict trust boundary** between untrusted FormData input
+        and application logic.
+
+        Only issues **within this boundary** are considered bugs.
+
+        Security decisions and issue triage are based on the definitions in SECURITY.md.
+
+  - type: checkboxes
+    id: scope-check
+    attributes:
+      label: Scope confirmation
+      options:
+        - label: This issue concerns FormData parsing behavior **within the defined boundary**
+          required: true
+        - label: This issue is **not** about value validation, schema enforcement, framework behavior, or application logic
+          required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Minimal reproducible example
+      description: Provide the smallest example to reproduce the bug
+      placeholder: |
+        ```ts
+        import { parse } from "safe-formdata";
+        const formData = new FormData();
+        // Your code here
+        const result = parse(formData);
+        ```
+      validations:
+        required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: safe-formdata version
+      placeholder: e.g., 0.1.0
+      validations:
+        required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,17 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Vulnerability (Private)
+    url: https://github.com/roottool/safe-formdata/security/advisories/new
+    about: Report a security vulnerability privately via GitHub Security Advisories
+
+  - name: Question or Discussion
+    url: https://github.com/roottool/safe-formdata/discussions
+    about: Ask questions or discuss ideas about safe-formdata
+
+  - name: Documentation
+    url: https://github.com/roottool/safe-formdata#readme
+    about: Read the README for API documentation, design principles, and usage examples
+
+  - name: Security Guidelines
+    url: https://github.com/roottool/safe-formdata/SECURITY.md
+    about: Learn about safe-formdata security scope, guarantees, and reporting policy

.github/ISSUE_TEMPLATE/security_report.yml

@@ -0,0 +1,69 @@
+name: Security Issue
+description: Report a security concern within the FormData parsing boundary
+title: "[Security]: "
+labels: ["security"]
+blank_issues_enabled: false
+contact_links:
+  - name: Security Vulnerability (Private)
+    url: https://github.com/roottool/safe-formdata/security/advisories/new
+    about: Report a security vulnerability privately via GitHub Security Advisories
+  - name: Question or Discussion
+    url: https://github.com/roottool/safe-formdata/discussions
+    about: Ask questions or discuss ideas about safe-formdata
+  - name: Documentation
+    url: https://github.com/roottool/safe-formdata#readme
+    about: Read the README for API documentation, design principles, and usage examples
+body:
+  - type: markdown
+    attributes:
+      value: |
+        For sensitive vulnerabilities, please use **GitHub Security Advisories** (private).
+
+        This template is for **non-sensitive security concerns or design questions**
+        within the FormData parsing boundary.
+
+        safe-formdata defines a **strict trust boundary** between untrusted FormData input
+        and application logic.
+
+        Security decisions and issue triage are based on the definitions in SECURITY.md.
+
+  - type: checkboxes
+    id: security-scope
+    attributes:
+      label: Security scope confirmation
+      options:
+        - label: This issue relates to boundary security (prototype pollution, forbidden keys, duplicate keys)
+          required: true
+        - label: This issue is **not** about value validation, authentication, framework behavior, or denial-of-service
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Detailed description of the security issue or concern
+      validations:
+        required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Proof of concept / reproduction
+      description: Minimal code or steps to demonstrate the issue
+      placeholder: |
+        ```ts
+        import { parse } from "safe-formdata";
+        const formData = new FormData();
+        // Demonstration code here
+        const result = parse(formData);
+        ```
+      validations:
+        required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Affected safe-formdata version
+      placeholder: e.g., 0.1.0
+      validations:
+        required: true