document security policies

Author: stephengold

SECURITY.md

@@ -0,0 +1,16 @@
+# Security policies of Minie
+
+To report a security vulnerability in the Minie project,
+send e-mail to Stephen Gold, the project's manager.
+His personal e-mail address appears at the bottom
+of [his homepage](https://stephengold.github.io/) and also in the source code.
+
+In your e-mail,
+please provide clear, detailed steps to reproduce the vulnerability.
+Please be as kind, polite, generous, and grateful as you can.
+Comparison and criticism should be kept professional and impersonal.
+
+At the present time, the Minie project does not have a bug-bounty program.
+
+To suggest improvements to these policies,
+[open an issue at GitHub](https://github.com/stephengold/Minie/issues/new).