Add instructions on how to report security issues

[seb128]

Quoting SEC0026 - SSDLC

SECURITY.md (V1.1) Any public repository must also include a SECURITY.md file in the root directory, which educates users/contributors on how to report a security concern.

The content of the file is based on the template referenced in the spec and what other Canonical repository are already using

Note that CONTRIBUTING as a similar section under 'Getting Started' which I didn't edit, we could keep it/delete it or point to the new file, any preference?

[github-actions[bot]]

Everyone contributing to this PR have now signed the CLA. Thanks!

[seb128]

I've amended the commit to use my canonical email to please the CLA and forced pushed