Add a SECURITY.md file #6854

Open
Rudloff opened this issue Feb 15, 2025 · 1 comment

Comments

@Rudloff

Rudloff commented Feb 15, 2025

The READMEs of both backdrop and backdrop-issues mention how to report a security issue.
However, it is also a good practice to have a SECURITY.md file with this information: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

This security policy will then be displayed in the Security tab of the repository and in the sidebar of the new issue form.

@quicksketch
Member

Hi @Rudloff! Thanks, I think this is a good suggestion. The Backdrop project is a little weird in that we have the backdrop-issues repository separate from the code (backdrop) repository. This was because at the time we set up the repositories, GitHub did not have granular permissions and two repositories was what GitHub recommended to separate code "commit" from issue "triage" permissions.

There are a number of other "Community Health" documentation files recommended by GitHub: https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file

I am not sure if we should be adding more (or all) of these recommended files, nor whether they should all be in one repository or the other (or both).
