Content for SECURITY.md

[ockersp]

Possible content to use in a generic SECURITY.md policy file:

Reporting Security Issues

Adobe values the contributions of the security research community, and we look forward to working with you to minimize risk to users.

Where should I report security issues?

We strongly encourage you to report all security issues privately via our vulnerability disclosure program. Please provide us with relevant technical details and repro steps to expedite our investigation. If you prefer not to use HackerOne, email us directly at psirt@adobe.com with details and repro steps.

[macdonst]

Our Issue Template mentions you should read the CONTRIBUTING.md which has a section on Security Issues. It sends folks to:

https://helpx.adobe.com/security/alertus.html

So we already have some coverage on this but I have no issue adding the SECURITY.md file.