Docs: add security policy

- Latest version is supported
- Report vulnerabilities via e-mail

.github/SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+The latest version of `sharp` as published to npm
+and reported by `npm view sharp dist-tags.latest`
+is supported with security updates.
+
+## Reporting a Vulnerability
+
+Please use
+[e-mail](https://github.com/lovell/sharp/blob/main/package.json#L5)
+to report a vulnerability.
+
+You can expect a response within 48 hours
+if you are a human reporting a genuine issue.
+
+Thank you in advance.