newhavenio / newhavenio.github.io

active version of the website for newhaven.io built on the Jekyll framework
http://newhavenio.github.io/
MIT License

Add security.txt and related files #79

Open sukima opened 6 years ago

sukima commented 6 years ago

Closes #73

Using the security.txt draft spec, this PR creates a signed security.txt file along with associated acknowledgements and privacy policy pages.

The public key was generated using GnuPG and its associated private key was saved to Keybase.io in the newhavenio.admins team where only a select few members have access and that membership list can be adjusted over time.

The acknowledgements, privacy policy, and PGP key are optional, which means they can be removed. I split each out so we can drop the commits if we wish (sans the security.txt, which is an easy amend). I included all the features as a kick-start for either inclusion/refinement or discussion.

sukima commented 6 years ago

Are the GPG signature and public key needed? Is it worth having?