Add a SECURITY.md file with hints for security researchers and other parties who might report potential security vulnerabilities. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>