Create SECURITY.md

We did not have any security issues in the past but there might be so I think it is important to have a security policy so users know how to report such with fully disclosing it in a GitHub issue. After all DJA exposes APIs which could be publicly exposed.

I've copied the policy from Django REST Framework and adjusted it. I recommend to read following [guide](https://github.com/google/oss-vulnerability-guide/blob/main/guide.md) which describes how security vulnerabilities are best addressed.

One question remains though is what means do we wanna use to privately communicate with us? Github has [Security Advisories](https://docs.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories) which I recommend we use. But only a admin can create security advisories. Currently as it seems GitHub does not provide a way for the initial communication.

DRF uses googlegroups for this. Not my favorite but do not see a alternatives. Or are there any other suggestions?

Author: sliverc

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you believe you've found something in Django REST Framework JSON API which has security implications, please **do not raise the issue in a public forum**.
+
+Send a description of the issue via email to [whatemailaddressshouldweuse@example.net][security-mail].The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.
+
+[security-mail]: mailto:rest-framework-security@googlegroups.com