add security policy for vulnerability reporting

[Aaravanand00]

Summary

This adds a SECURITY.md file to define how security vulnerabilities should be reported.

What changed

1. added SECURITY.md with supported versions
2. included link to the Hyperledger security process

Why

This makes it clear how to report vulnerabilities and aligns the repo with basic OpenSSF and scorecard expectations.

Notes

1. kept the change minimal
2. existing security-related configs (scorecard, dependabot, etc.) were already in place

[Copilot]

Pull request overview

Adds a repository security policy document to clarify how to report vulnerabilities and which versions are supported, aligning the repo with common OpenSSF/Scorecard expectations.

Changes:

• Added SECURITY.md describing supported versions.
• Documented the vulnerability reporting path via the Hyperledger Security Process.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The PR description says SECURITY.md includes “supported versions”, but the file currently only documents the reporting channel. Either add a “Supported Versions” section (as GitHub’s SECURITY.md format expects) or update the PR description to match what’s actually being added.

[Aaravanand00]

Hi @amagyar-iohk Copilot suggested adding a 'Supported Versions' section to the SECURITY.md file to follow GitHub's standard format. Could you please let me know which versions are currently officially supported? Once confirmed, I'll update the file with the correct table...