Add security policy #2235
This PR is a proposal for a security bounty policy, as discussed during our team retreat in Brussels.
It is inspired by other companies policies, such as the one from YesWeHack (that we may want to use at some point if we want to actively look for hunters).
When merged we should also create the special
I've made an (arbitrary) proposal for bounty amounts, please review them and suggest others if you think they're not right.
Also related: opencollective/opencollective-frontend#2146 adds a standard