Add Security Policy #1505

Merged
merged 4 commits into from Jun 4, 2021

tcbutler320
Contributor

Description

This pull request adds a security policy to MonkeyType in order to better facilitate responsible vulnerability disclosures, moving them out of GitHub issues and into email/Discord. Included in the policy is a /security-policy.html page with footer link, as well as a security policy in /.well-known/security.txt. Security.txt is an Internet Draft that has been submitted for RFC review; its stated mission:

“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”

Key Changes

  • Added /static/security-policy.html, which is essentially a copy of privacy-policy.html with security policy language
  • Added /static/.well-known/security.txt which includes a template created with securitytxt.org
  • Added the dot:true argument to gulpfile in order to copy ./well-known/* to dist
  • Added fontawesome icon to footer, linking to security-policy.html

Screenshots (images not preserved): /security-policy, /.well-known/security.txt, and / (changes in footer).

Checklist

  • I have read the CODE_OF_CONDUCT.md and the CONTRIBUTING.md
  • I checked if my PR has any bugs or other issues that could reduce the stability of the project
  • I understand that the maintainer has the right to reject my contribution and it may not get accepted.

Resolves feature request in discussion #1485.
Related to #1476 #1498 #1503 #1348
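
Added example, not part of the pull request or the project's code: a small checker for the kind of security.txt file this PR publishes under /.well-known/. The field rules follow RFC 9116, the published form of the Internet Draft mentioned above; the sample file and its example.com values are constructed, and the function names are hypothetical.

```javascript
// Added example: minimal security.txt checker using RFC 9116 field rules.
// SAMPLE is constructed; the example.com values are placeholders.
const SAMPLE = [
  "# constructed sample, not the project's file",
  "Contact: mailto:security@example.com",
  "Contact: https://example.com/security-policy.html",
  "Expires: 2031-01-01T00:00:00.000Z",
  "Preferred-Languages: en",
].join("\n");

// Parse "Name: value" lines into a Map of lowercased name -> [values].
function parseSecurityTxt(text) {
  const fields = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue; // blank or comment
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // no field name, e.g. PGP armor lines
    const name = line.slice(0, idx).trim().toLowerCase(); // names are case-insensitive
    const value = line.slice(idx + 1).trim();
    if (!fields.has(name)) fields.set(name, []);
    fields.get(name).push(value);
  }
  return fields;
}

// Return a list of problems; an empty list means these checks passed.
function checkSecurityTxt(text, now = new Date()) {
  const f = parseSecurityTxt(text);
  const problems = [];
  const contacts = f.get("contact") || [];
  if (contacts.length === 0) problems.push("missing Contact");
  for (const c of contacts) {
    // Simplification: accept only the three schemes the RFC names explicitly.
    if (!/^(mailto:|https:\/\/|tel:)/i.test(c)) problems.push(`Contact is not a mailto:, https:// or tel: URI: ${c}`);
  }
  const expires = f.get("expires") || [];
  if (expires.length !== 1) problems.push("Expires must appear exactly once");
  else if (Number.isNaN(Date.parse(expires[0]))) problems.push("Expires is not a valid date");
  else if (new Date(expires[0]) <= now) problems.push("Expires is in the past");
  if ((f.get("preferred-languages") || []).length > 1) problems.push("Preferred-Languages appears more than once");
  return problems;
}

console.log(checkSecurityTxt(SAMPLE));
```

Given the contents of the security.txt that ends up in the build output, the same check also shows whether the dot-directory was copied to dist at all, since a missing or empty file reports a missing Contact.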

Contributor Author

tcbutler320 commented Jun 4, 2021

This is nit-picky but I'm just seeing the question mark in "How to Disclose a Vulnerability", maybe that should be removed.

Member

Miodec commented Jun 4, 2021

> This is nit-picky but I'm just seeing the question mark in "How to Disclose a Vulnerability", maybe that should be removed.

Agreed

@Miodec Miodec merged commit 92b1c6e into monkeytypegame:master Jun 4, 2021