docs: Add comprehensive SECURITY.md policy #2

Open
Kubudak90 wants to merge 1 commit into cryptosingheth:main from Kubudak90:main

@Kubudak90

Summary

This PR adds a comprehensive security policy document for ShieldLend, a ZK-based private DeFi lending protocol.

Why This Matters

Given that ShieldLend handles:

  • Sensitive cryptographic operations (ZK proofs, Pedersen commitments)
  • User funds in a lending context
  • Privacy-critical functionality

Having a clear security policy is essential for:

  1. Responsible vulnerability disclosure - Giving security researchers a clear path to report issues privately
  2. User trust - Demonstrating commitment to security best practices
  3. Bug bounty preparation - Setting the foundation for a formal bug bounty program

What's Included

  • Reporting Guidelines: Clear instructions on how to report vulnerabilities privately
  • Response Timeline: Commitments for acknowledgment and resolution
  • Bug Bounty Scope: Specific areas of interest for security research
  • Safe Harbor: Protection for good-faith security researchers
  • Security Considerations: Guidance for both users and developers
  • Audit Status: Transparent disclosure of current audit status

References

This follows security policy best practices from:


Note: This is a documentation-only change with no code modifications.

Add security policy for ZK-based private DeFi lending protocol including:
- Vulnerability reporting guidelines
- Bug bounty scope for circuits and contracts
- Response timeline commitments
- Security considerations for users and developers
- Safe harbor provisions for researchers

This is especially important for a privacy protocol handling sensitive
cryptographic operations and user funds.