Create a Security Policy

[joycebrum]

Closes #854

I've created the SECURITY.md file considering the report vulnerability through security advisory, which is a new github feature still in beta and that has to be enabled.

If you're interested in GitHub's feature, it must be activated for the repository:

1. Open the repo's settings
2. Click on Code security & analysis
3. Click "Enable" for "Private vulnerability reporting (Beta)"

If you rather not enable it there is also the possibility to receive the vulnerability report through an email, in this case just let me know which email it would be and I'll submit the change.

Besides that, feel free to edit or suggest any changes to this document, it is supposed to reflect the amount of effort the team can offer to handle vulnerabilities.

[tarcieri]

See previous discussion here: RustCrypto/meta#16

That said, this looks like a reasonable starting place

[joycebrum]

Thanks for pointing out the discussion!
I've updated the text to include the information about the supported releases to be only the latest as mentioned in the discussion, see what you think.

[tarcieri]

I enabled private vulnerability reporting for this repo, but we should remember to enable it on any other repos we apply this to.

That said, looks like we finally have a SECURITY.md template we can apply to all our repos and resolve RustCrypto/meta#16. Thanks @joycebrum !