Security guidelines?

[jpkrohling]

I noticed that this repository doesn't have a security policy neither offer a way to do responsible disclosing of issues. What would be the appropriate way to disclose such an issue if there was one? Feel free to get in touch with me via the CNCF Slack.

[mostynb]

Added SECURITY.md to answer this for future reporters.