[Docs] Add SECURITY.md

The paragraph "The Gramine team will send a response..." is based on
https://github.com/electron/electron/blob/28-x-y/SECURITY.md.

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>

.github/ISSUE_TEMPLATE/config.yml

@@ -3,7 +3,3 @@ contact_links:
   - name: 💬 I need help with Gramine usage
     url: https://github.com/gramineproject/gramine/discussions/categories/general
     about: Open a discussion thread
-  - name: 🔒 Report a security vulnerability
-    # GitHub doesn't seem to accept `mailto:` URLs here :/
-    url: https://gramine.readthedocs.io/en/latest/devel/contributing.html#reporting-security-vulnerabilities
-    about: Write an email to security@gramineproject.io

README.rst

@@ -90,4 +90,5 @@ If you prefer emails, please send them to users@gramineproject.io
 Reporting security issues
 =========================
 
-Please report security issues to security@gramineproject.io.
+Please report security issues to security@gramineproject.io. See also our
+`security policy <SECURITY.md>`__.

SECURITY.md

@@ -0,0 +1,16 @@
+# Reporting Security Issues
+
+Please report security issues to security@gramineproject.io.
+
+Please note that the Gramine team analyzes security bugs only on the current
+`master` branch. This implies that you must reproduce the bug on master before
+reporting.
+
+The Gramine team will send a response indicating the next steps in handling your
+report. After the initial reply to your report, the security team will keep you
+informed of the progress towards a fix and full announcement, and may ask for
+additional information or guidance.
+
+If the bug report is correct, we will acknowledge your contributions by
+specifying your name in the commit message. Please provide the preferred
+name/nick to put there.