Create AboutCode-level security policy

[mjherzog]

We need to create an AboutCode.org level security policy and reference it on each of our projects.

Some useful resources (GH context) are:

• https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
• https://repos.openssf.org/principles-for-package-repository-security
• https://github.blog/security/vulnerability-research/a-maintainers-guide-to-vulnerability-disclosure-github-tools-to-make-it-simple/

[hemantchilkuri]

"I’d like to help create an AboutCode-level security policy. Should it live in a central repo or each project?"

[AyanSinhaMahapatra]

@hemantchilkuri thank you for your interest, but this is something which will be handled by the maintainers. If you have any suggestions for improvement though please let us know. Also please find other labeled good first issue from projects at https://github.com/aboutcode-org which are great for contributions.

@mjherzog I've started a draft at https://github.com/aboutcode-org/.github/blob/main/.github/SECURITY.md