Add a security policy

[alistair3149]

Summary

Adds a SECURITY.md so the repository has a documented security policy.

The policy:

• Directs vulnerability reports to GitHub's private vulnerability reporting rather than public issues, pull requests, the mailing list, or the wiki.
• States that security fixes target the latest major version.
• Commits to acknowledging reports within 15 days, keeps remediation severity-prioritised, and notes a best-effort 90-day coordinated-disclosure window.
• Asks reporters to avoid public discussion, including revealing commit messages, until a fix is released.
• Routes Semantic MediaWiki issues to its own vulnerability reporting, and MediaWiki core or other-extension issues to the Wikimedia security team.

Part of adding security policies across the Semantic MediaWiki extensions, cf. SemanticMediaWiki/SemanticMediaWiki#5512.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.35%. Comparing base (123452f) to head (ee476bb).

Additional details and impacted files

@@            Coverage Diff            @@
##             master      #91   +/-   ##
=========================================
  Coverage     26.35%   26.35%           
  Complexity       48       48           
=========================================
  Files             3        3           
  Lines           129      129           
=========================================
  Hits             34       34           
  Misses           95       95           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.