Add `security.md` file

[jrfnl]

Description

Add a security.md file containing information about how to report security issues and what versions of PHP_CodeSniffer are supported from a security point of view.

The file is placed in the .github directory. This will allow for it to be recognized correctly by GitHub, while not cluttering up the project root directory.

Suggested changelog entry

N/A

Related issues/external references

Ref: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] This change is only breaking for integrators, not for external standards or end-users.
• [x] Documentation improvement

[jrfnl]

Closing as no longer relevant in https://github.com/PHPCSStandards/PHP_CodeSniffer, which has an organisation-wide SECURITY.md file.