Part of the Tidelift setup. In https://github.com/numpy/numpy/issues/13475 / https://github.com/numpy/numpy/pull/13485, NumPy decided to just link to https://tidelift.com/docs/lifting/security. That should suffice for us. The only thing to decide is who all gets notified with these reports.