Add security.txt file for the site

[mbroz2]

It's common practice to host a security.txt file (at root or at /.well-known/) to provide information regarding how to report a security vulnerability for the site.

Similarly, we should also consider enabling the GH security policy for this repo.

I expect both places would host similar if not identical content, or one point at the other.

[natalie-bernhard]

Completed via Github settings. Security policy and vulnerability reporting can now be found under the Security tag for our repo.