Create SECURITY.md (#13)

* Create SECURITY.md

* update security policy

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

---------

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

SECURITY.md

@@ -0,0 +1,12 @@
+# Reporting Security Issues
+
+You can privately report a potential security issue via the GitHub security advisory feature. This can be done here:
+
+https://github.com/IBM/sonar-cryptography/security/advisories
+
+Please do **not** open a public issue about a potential security vulnerability.
+
+You can find more details on the security vulnerability feature in the GitHub
+documentation here:
+
+https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability