Add SECURITY.md and disclosure #90
Description
Hi maintainers,
Could you add a SECURITY.md and enable GitHub Security Advisories for private reports?
I have security findings to report and want to follow the project’s official process.
If you prefer, I can open a PR adding a SECURITY.md that points reporters to the GitHub “Report a vulnerability” flow.
Thanks!