Add SECURITY.md

[allanlw]

Hi there!

I've found an issue in your project but I'm not sure the best way to disclose it.

Could you please add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Alternatively, please send an email to the address on my profile.

Thanks!

[allanlw]

Hello @telesoho any action on this? I emailed you about this issue too.

[telesoho]

@allanlw

I have added a SECURITY.md. Thanks for your help.