Create SECURITY.md (#135)

Add a security policy and email address to the repo

SECURITY.md

@@ -0,0 +1,31 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+We strongly encourage reporting any potential vulnerabilities.
+
+If you suspect a vulnerability, please take the following steps:
+- Contact us immediately at `security at twenty.com`.
+- Include a comprehensive description of the potential vulnerability and steps to reproduce the issue, if possible. The more information you can provide, the quicker we can address the problem.
+
+Our commitment is to respond to your initial report within one business day.
+While we're addressing the issue, we kindly request you to maintain confidentiality about the vulnerability to ensure the security of all users.
+Please refrain from exploiting the vulnerability or revealing the problem to others.
+
+While we don't currently have a formal bug bounty program due to the project's nascent stage, we can assure you that:
+
+- Your report will be responded to within one business day.
+- Your report and all accompanying data will be handled with utmost confidentiality.
+- We greatly appreciate your contribution and would be happy to acknowledge your role in the vulnerability fix, should you choose to be identified.
+- We will grant you permission to publicly discuss your findings after the patch has been released and a reasonable time has passed for users to implement it.
+- We (obviously) guarantee that we will not pursue any legal action as long as the vulnerability is not exploited.
+
+## Security Features
+We are always looking for ways to improve our product's security.
+If you have any recommendations or feature request that could enhance the product's security, we invite you to share them with us via the dicsussion forum.
+
+⚠️ Note this does not apply to security vulnerabilities. If you're in doubt, then always follow the security vulnerability process
+
+
+
+