Update SECURITY.md

[So-Fras]

Please check if the PR fulfills these requirements

• [x] The commit message follows our guidelines

Does this PR already have an issue describing the problem? No

What kind of change does this PR introduce? User documentation update regarding security policy on the PowSyBl project.

[bc-rte]

The severity assesment criteria are not described. This is an issue, because, according to the process, the person reporting a vulnerability must assess severity in order to know which reporting channel to use.