Create a security policy

[trishankatdatadog]

Description of issue or feature request:

Similar to go-tuf, we should create a security policy so that researchers can properly disclose security issues.

[erickt]

Sure, good idea. However it doesn't look like go-tuf has a security policy set up. Did you mean python-tuf?

[trishankatdatadog]

Sure, good idea. However it doesn't look like go-tuf has a security policy set up. Did you mean python-tuf?

(Inspired by the lack of it in go-tuf)

[trishankatdatadog]

I'm not sure python-tuf has the best policy right now (depends on one person and PGP)