Create SECURITY.md for security policy

[Sawsqr68]

Added a security policy document outlining supported versions and vulnerability reporting.

[Copilot]

Pull request overview

This PR establishes a security policy for the project by adding a SECURITY.md file that provides guidelines for supported versions and vulnerability reporting procedures.

Key Changes:

• Added SECURITY.md with a template structure for security policies
• Defined supported version matrix (5.1.x and 4.0.x currently supported)
• Included placeholder sections for vulnerability reporting process

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The placeholder instructional text should be replaced with actual information about the project's versioning and support policy. This template text does not provide meaningful guidance to users.

Suggested change

	Use this section to tell people about which versions of your project are
	currently being supported with security updates.
	The following table lists the versions of this project that are currently supported with security updates. Only the latest release in each major version is supported; older versions will not receive security updates.

[Copilot]

The placeholder instructional text should be replaced with specific vulnerability reporting instructions, including contact information (such as a security email address or reporting form), expected response times, and the process for handling reported vulnerabilities.

Suggested change

	Use this section to tell people how to report a vulnerability.
	Tell them where to go, how often they can expect to get an update on a
	reported vulnerability, what to expect if the vulnerability is accepted or
	declined, etc.
	To report a security vulnerability, please email our security team at [security@example.com](mailto:security@example.com). If you prefer, you may also use our secure reporting form at [https://example.com/security-report](https://example.com/security-report).
	- **Acknowledgment:** We will acknowledge receipt of your report within 2 business days.
	- **Investigation:** Our team will investigate the issue and may contact you for further information.
	- **Updates:** You can expect updates on the status of your report at least every 7 days until the issue is resolved or a decision is made.
	- **Resolution:** Once the vulnerability is confirmed, we will work to resolve it as quickly as possible and will notify you when the fix is released. If the vulnerability is declined, we will provide a clear explanation.
	Please do not disclose the vulnerability publicly until we have had a chance to address it. If you require encrypted communication, please request our PGP key in your initial email.