[DOC] Please add a security policy #359

@robrwo

Please add a SECURITY or SECURITY.md file to the distribution and software repository that explains how to report a security vulnerability.

CPANSec has a guide for adding a security policy [1] and also links to software to generate security policies when you rebuild a distribution for release.

You can enable private vulnerability reporting in your GitHub repository [2]. This allows people to create private issues for security vulnerabilities, and lets your collaborators work on private forks. (GitHub also treats security policies as "first class" files along with the README and LICENSE files.)

[1] https://security.metacpan.org/docs/guides/security-policy-for-authors.html

[2] https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Note: this issue is part of a project by CPANSec to encourage popular CPAN distributions to add a security policy.
