We need to describe how to report discovered security issues. Here's how [GitHub does it](https://github.com/github/.github/blob/main/SECURITY.md).