Create Security Policy #1328

Merged: 1 commit, Jun 8, 2023

diogoteles08
Contributor

Closes #1327

I've created the SECURITY.md file following a GitHub template and considering vulnerability reporting through security advisories, which is a handy new GitHub feature, but it's still in beta and has to be manually enabled by a maintainer.

If you're interested in this feature, you can activate it by following these steps:

  1. Click on this link to go to the Code security & analysis section in your repo's settings
  2. Click "Enable" for "Private vulnerability reporting (Beta)"

FYI: In case it's applicable and of interest to Mozilla's org, this Security Advisory feature can also be enabled at the org level.

However, if you'd rather not use this feature, you can also request users to report vulnerabilities to an email. If that's the case, let me know which email you would like to receive the reports and I can submit the change.

Additionally, feel free to edit or suggest any changes to this document; it is supposed to reflect the amount of effort the team can offer to handle vulnerabilities.

@rbri
Collaborator

rbri commented Jun 1, 2023

Looks good to me

@gbrail
Collaborator

gbrail commented Jun 8, 2023

This makes sense to me too, although on this project we really feel the bit about how we're all volunteers and aren't going to be able to maintain any kind of SLA.

@gbrail
Collaborator

gbrail commented Jun 8, 2023

I enabled the new security feature so this will make sense when we merge this.

@gbrail gbrail merged commit 553dafe into mozilla:master Jun 8, 2023
4 checks passed
Development

Successfully merging this pull request may close these issues.

Add a Security Policy