Security Contact Information

[PhillipNordwall]

There should be information in the README.md on where to communicate security issues to enable for responsible disclosure.

[tucked]

We might consider adding a security policy:

Last time I went through that, it helped me create a SECURITY.md (which we could then link to in the README). That example is obviously very basic, but we could make it as detailed as we like.