Add security policy

Author: hyperpolymath

SECURITY.md

@@ -0,0 +1,25 @@
+<!-- SPDX-License-Identifier: AGPL-3.0-or-later -->
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| main    | :white_check_mark: |
+| < main  | :x:                |
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities through GitHub private vulnerability reporting:
+1. Go to the **Security** tab
+2. Click **Report a vulnerability**
+3. Fill out the form
+
+We respond within 48 hours.
+
+## Security Measures
+
+- Dependabot for dependency updates
+- CodeQL for code scanning
+- Secret scanning and push protection
+