Define a security policy

[yeikel]

Currently, we do not have any security policy in https://github.com/netplex/json-smart-v2/security or in the readme. That leaves security contributors without the adequate tools to report issues responsibly.

The recent issue GHSA-pq2g-wx69-c263 was not reported responsibly in my opinion as CVEs should ideally go public after there is a known fix