📝(security) add SECURITY.md with vulnerability reporting details

Added a vulnerability disclosure policy and reporting instructions.

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Security is very important to us.
+
+If you have any issue regarding security, please disclose the information 
+responsibly submitting [this form](https://github.com/suitenumerique/django-lasuite/security/advisories/new) 
+and not by creating an issue on the repository. 
+
+We appreciate your effort to make LaSuite more secure.
+
+## Vulnerability disclosure policy
+
+Working with security issues in an open source project can be challenging, 
+as we are required to disclose potential problems that could be exploited 
+by attackers. With this in mind, our security fix policy is as follows:
+
+1. The Maintainers team will handle the fix as usual (Pull Request,
+release).
+2. In the release notes, we will include the identification numbers from the
+GitHub Advisory Database (GHSA) and, if applicable, the Common Vulnerabilities
+and Exposures (CVE) identifier for the vulnerability.
+3. Once this grace period has passed, we will publish the vulnerability.
+
+By adhering to this security policy, we aim to address security concerns
+effectively and responsibly in our open source software project.
+