Add a security policy

[alistair3149]

Summary

Adds a SECURITY.md so the repository has a documented security policy.

The policy:

• Directs vulnerability reports to GitHub's private vulnerability reporting rather than public issues, pull requests, the mailing list, or the wiki.
• States that security fixes target the latest major version.
• Commits to acknowledging reports within 15 days, keeps remediation severity-prioritised, and notes a best-effort 90-day coordinated-disclosure window.
• Asks reporters to avoid public discussion, including revealing commit messages, until a fix is released.
• Routes Semantic MediaWiki issues to its own vulnerability reporting, and MediaWiki core or other-extension issues to the Wikimedia security team.

Part of adding security policies across the Semantic MediaWiki extensions, cf. SemanticMediaWiki/SemanticMediaWiki#5512.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.97%. Comparing base (e1be062) to head (66ca356).

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #128   +/-   ##
=========================================
  Coverage     97.97%   97.97%           
  Complexity       72       72           
=========================================
  Files             4        4           
  Lines           198      198           
=========================================
  Hits            194      194           
  Misses            4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.