Move security-related information to SECURITY.md

To follow current best practices, create a short SECURITY.md file in the root of the repository that contains information about the project's security policy and guidelines for reporting potential security issues. Replace the relevant bits of text in other files with references to the new SECURITY.md file, so that the relevant information only needs to be maintained in one place.

Replace all occurrences of the generic security-officer@isc.org email with a dedicated address for reporting BIND 9 security issues, bind-security@isc.org.

Link: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository