
[Security]: Add SECURITY.md to define vulnerability reporting process #60

@RehanAhmad25

🔐 Missing SECURITY.md

Description

The repository currently does not have a SECURITY.md file. This file is a GitHub-recommended best practice that helps contributors and users understand how to responsibly report security vulnerabilities.

Why this matters

  • GitHub surfaces SECURITY.md in the Security tab of every repository
  • Without it, reporters have no clear channel to disclose vulnerabilities privately, which can lead to public exposure of unpatched issues
  • Many open-source programs (including SSoC) encourage security-conscious contributions

Suggested content for SECURITY.md

A basic SECURITY.md should include:

  • Supported versions (which versions receive security updates)
  • How to report a vulnerability (email, GitHub private advisory, etc.)
  • Expected response timeline
  • Responsible disclosure policy

Proposed fix

Create a SECURITY.md file at the root of the repository following the structure above.
