@justaugustus justaugustus commented Nov 25, 2025

What kind of change does this PR introduce?

(Is it a bug fix, feature, docs update, something else?)

Follow-up to #4862, as the OSPS Baseline assessment GitHub Action uses security-insights.yml as input.

  • .github: Add security-insights.yml
  • MAINTAINERS: Update Jeff's affiliation

What is the current behavior?

What is the new behavior (if this is a feature change)?

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Special notes for your reviewer

Note that this is an intentionally minimally viable security-insights.yml. We'll add on top of the MVP post-merge.

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE

@justaugustus justaugustus requested a review from a team as a code owner November 25, 2025 02:46
@justaugustus justaugustus requested review from AdamKorcz and raghavkaul and removed request for a team November 25, 2025 02:46
@dosubot dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Nov 25, 2025
codecov bot commented Nov 25, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.59%. Comparing base (353ed60) to head (a6f2f21).
⚠️ Report is 285 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4863      +/-   ##
==========================================
+ Coverage   66.80%   69.59%   +2.78%     
==========================================
  Files         230      251      +21     
  Lines       16602    15657     -945     
==========================================
- Hits        11091    10896     -195     
+ Misses       4808     3891     -917     
- Partials      703      870     +167     

@spencerschrock spencerschrock left a comment

a few nits

Signed-off-by: Stephen Augustus <foo@auggie.dev>
Some security analysis tools leverage security-insights.yml to infer
information about a project, so we add it here.

Signed-off-by: Stephen Augustus <foo@auggie.dev>
@justaugustus justaugustus enabled auto-merge (squash) November 25, 2025 16:05
@justaugustus justaugustus merged commit 488797d into ossf:main Nov 25, 2025
37 checks passed