github-friendly security policy
This is mostly to check off some extra check boxes on github.
Something similar as we have in Kea: Kea security policy.
This is just writing down what we already have spread out in several places, condensed and formatted in github friendly format. No specific process changes proposed.