chore(*): add security policy

Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>

Author: vdice

SECURITY.md

@@ -0,0 +1,11 @@
+# Security
+
+## Reporting a Vulnerability
+
+The Spin Framework team and community take security vulnerabilities very seriously. If you find a security related issue with Runtime Class Manager, we kindly ask you to report it [through the GitHub project](https://github.com/spinframework/runtime-class-manager/security). All reports will be thoroughly investigated by the Spin Framework maintainers.
+
+## Disclosure
+
+We will disclose any security vulnerabilities in our [Security Advisories](https://github.com/spinframework/runtime-class-manager/security/advisories).
+
+All vulnerabilities and associated information will be treated with full confidentiality. We are thankful for your efforts in keeping Runtime Class Manager secure, and we will publicly acknowledge your contributions if you wish.