Document security reporting procedure

[danpalmer]

We might want to document the procedure for reporting a security vulnerability.

This should be done soon.

[dopeboy]

@phalt are we doing this anywhere? If not, I'll raise my hand to do it. Definitely important.

[phalt]

@danpalmer @dopeboy not yet. We are in the process of setting up a lightweight governance process for the whole of graphene. I will make sure security reporting is added to this.