
Conversation

@ironbyte-rgb

Added a security policy document outlining supported versions and vulnerability reporting.

Copilot AI review requested due to automatic review settings January 28, 2026 07:59

Copilot AI left a comment

Pull request overview

This PR adds a SECURITY.md file to establish a security policy for the project. However, the file currently contains only template placeholder text without actual project-specific information.

Changes:

  • Added SECURITY.md with template structure for security policy and vulnerability reporting


Comment on lines +5 to +6
Use this section to tell people about which versions of your project are
currently being supported with security updates.

Copilot AI Jan 28, 2026

This SECURITY.md file contains placeholder text from a template that should be replaced with actual, actionable information. Lines 5-6 are instructional placeholder text that should be removed. The document should provide specific guidance for users trying to understand the security support policy.

Comment on lines +10 to +14
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |


Copilot AI Jan 28, 2026

The version numbers listed in the supported versions table (5.1.x, 5.0.x, 4.0.x) do not match the actual project version. According to package.json, this project is currently at version 0.8.1. The supported versions table should reflect the actual versioning scheme of this project to provide accurate security support information to users.

Suggested change
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
| 0.8.x | :white_check_mark: |
| < 0.8.0 | :x: |
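Review bot: the replacement rows `| 0.8.x | :white_check_mark: |` and `| < 0.8.0 | :x: |` pin the policy to the current 0.8 minor, so the next minor release will leave the table inaccurate again, the same defect this comment flags for the 5.1.x/4.0.x rows. Either express the supported row in terms the project can keep true (for example the latest 0.x minor) or add a release-checklist step that updates this table on every version bump. The hunk replaces only the data rows, so after applying it confirm the `Version | Supported` header and separator rows above still line up with the two remaining rows.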

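The mismatch flagged above is easy to catch mechanically. The script below is an added example, not code from this PR or the project: it parses the Supported Versions table of SECURITY.md and checks whether the version declared in package.json falls under a row marked supported. Both inputs are constructed inline (the template table from the PR and a package.json with version 0.8.1), and the file names and the `FIXED_SECURITY_MD` variant are assumptions.

```javascript
// Added example (not from the PR or the project): check that the version in
// package.json is covered by a row marked supported in SECURITY.md's table.
// Both inputs are constructed inline; in CI, read the real files with fs.readFileSync.
const SECURITY_MD = `| Version | Supported          |
| ------- | ------------------ |
| 5.1.x   | :white_check_mark: |
| 5.0.x   | :x:                |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x:                |
`;
// The same table after the suggested change: rows for the real 0.8 release line.
const FIXED_SECURITY_MD = SECURITY_MD.split('| 5.1.x')[0] +
  '| 0.8.x   | :white_check_mark: |\n| < 0.8.0 | :x:                |\n';
const PACKAGE_JSON = '{ "name": "example-project", "version": "0.8.1" }';
// Collect rows shaped like "| 5.1.x | :white_check_mark: |" as {pattern, supported}.
function parseSupportTable(md) {
  const rows = [];
  for (const line of md.split('\n')) {
    const m = line.match(/^\|\s*([^|]+?)\s*\|\s*(:white_check_mark:|:x:)\s*\|/);
    if (m) rows.push({ pattern: m[1], supported: m[2] === ':white_check_mark:' });
  }
  return rows;
}

// True if `version` ("0.8.1") falls under `pattern` ("5.1.x", "4.0.x" or "< 4.0").
function matches(pattern, version) {
  const v = version.split('.').map(Number);
  const lt = pattern.match(/^<\s*(\d+(?:\.\d+)*)$/);
  if (lt) {
    const bound = lt[1].split('.').map(Number);
    for (let i = 0; i < bound.length; i++) {
      const a = v[i] ?? 0;
      if (a !== bound[i]) return a < bound[i];
    }
    return false; // equal to the bound is not below it
  }
  return pattern.split('.').every((p, i) => p === 'x' || Number(p) === (v[i] ?? 0));
}

// Result {ok, reason}; ok only when the declared version hits a row marked supported.
function checkPolicy(md, pkgJson) {
  const version = JSON.parse(pkgJson).version;
  const row = parseSupportTable(md).find(r => matches(r.pattern, version));
  if (!row) return { ok: false, reason: `${version} matches no row in the table` };
  if (!row.supported) return { ok: false, reason: `${version} falls under unsupported row "${row.pattern}"` };
  return { ok: true, reason: `${version} is covered by supported row "${row.pattern}"` };
}
console.log(checkPolicy(SECURITY_MD, PACKAGE_JSON));       // ok: false (0.8.1 is "< 4.0")
console.log(checkPolicy(FIXED_SECURITY_MD, PACKAGE_JSON)); // ok: true  (0.8.x row)
```

Run it as a CI step that fails when `ok` is false, so a version bump that outruns the policy table blocks the release instead of shipping a misleading SECURITY.md.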
Comment on lines +16 to +21

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

Copilot AI Jan 28, 2026

This section contains only placeholder text that should be replaced with actual vulnerability reporting instructions. Users need to know specific details such as: where to report vulnerabilities (e.g., email address, private issue tracker, security advisory form), expected response time, and the process for handling reported vulnerabilities. Without this information, the security policy is not actionable.

Suggested change
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
## Reporting a Vulnerability
To report a security vulnerability, please contact the maintainers using one of the following private channels:
- **Preferred:** Open a private security advisory via GitHub: go to this repository’s **Security** tab and click **“Report a vulnerability”** (GitHub Security Advisories).
- **Alternative:** Send an email to **security@project.org** with the subject line `SECURITY VULNERABILITY: <short summary>`.
Please include as much detail as possible, including:
- A description of the issue and its potential impact
- Steps to reproduce (proof-of-concept code, HTTP requests, configuration details, etc.)
- Any known workarounds or mitigations
- The version(s) of the project you tested against
We aim to acknowledge your report within **3 business days** and to provide an initial assessment or request for more information within **7 business days**. During the investigation:
- We will keep you updated at key stages (triage, confirmation, fix in progress, release planning).
- We may ask you for additional information to help reproduce or better understand the impact.
- We will make a reasonable effort to develop and release a fix before publicly disclosing details of the vulnerability.
If we determine that the vulnerability is valid, we will:
- Prepare and test a patch or mitigation.
- Coordinate a release that includes the fix.
- Publish release notes and, if appropriate, a security advisory describing the impact and remediation steps.
- Credit you as the reporter (unless you request to remain anonymous).
Please **do not** report security vulnerabilities via public issue trackers, discussion forums, or social media, as this may increase the risk to users before a fix is available.
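Review bot: `security@project.org` in the alternative channel is itself a placeholder, so accepting this suggestion unchanged reintroduces the problem the comment is fixing; replace it with a mailbox the maintainers actually monitor, or keep only the GitHub advisory form. The suggestion also inserts a `## Reporting a Vulnerability` heading while the replaced span (lines +16 to +21) begins with a blank line directly under the section's existing heading, so verify the result does not carry that heading twice. Finally, the 3- and 7-business-day response commitments should be confirmed with the maintainers before they are published, since a stated SLA the project cannot meet is worse than a plain statement of best effort.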
