Add SECURITY.md

[jmr]

Needed to fix code scanning security policy checks

https://github.com/golang/geo/security/code-scanning

"Place a security policy file SECURITY.md in the root directory of your repository. This makes it easily discoverable by a vulnerability reporter."

See https://github.com/golang/geo/security/code-scanning/9 and click "show more".

[rsned]

The main thing it wants to see is:

• A valid form of an email address to contact for vulnerabilities

Do the C++ or Java repos have an email contact they use for this? Should there be an s2-geometry-project-admins@googlegroups or some other limited google groups that can be used for the rare security report?

• A valid form of a http/https address to support vulnerability reporting

For this I assume opening an GitHub Issue would be sufficient since there isn't really anything in the code that needs to be secretive about reporting.

[jmr]

We have some templates and documentation internally, but it's not very clear, at least to me. Someone "on the inside" can figure this out.