chore: create SECURITY.md

#1837

SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+_Please do not report security vulnerabilities through public GitHub issues._
+
+Instead, report a vulnerability through GitHub's security advisory feature at
+https://github.com/carbon-design-system/carbon-components-svelte/security/advisories/new
+
+Please include a description of the issue, the steps you took to create the
+issue, affected versions, and, if known, mitigations for the issue. Our team
+aims to respond to all new vulnerability reports within 7 business days.
+
+Additional information on reporting vulnerabilities to IBM is available at
+https://www.ibm.com/trust/security-psirt
+
+## Preferred languages
+
+We prefer all communications to be in English.
+
+## Comments on this policy
+
+If you have suggestions on how this process could be improved please
+[submit a pull request](https://github.com/carbon-design-system/carbon-components-svelte/compare)
+or [file an issue](https://github.com/carbon-design-system/carbon-components-svelte/issues/new) to
+discuss.