docs: add security policy (SECURITY.md)

Add security policy for responsible vulnerability disclosure
via Facebook's Bug Bounty program.

Author: srpatcha

.github/SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in React Native, please report it responsibly.
+
+**Please do NOT report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them through [Facebook's Bug Bounty program](https://www.facebook.com/whitehat) or via [GitHub Security Advisories](https://github.com/facebook/react-native/security/advisories/new).
+
+Please include:
+- Type of issue
+- Steps to reproduce
+- Impact assessment