Add security policy

[pnacht]

Fixes #3343.

As described in the issue, this PR adds a security policy for seaborn.

The policy currently uses an email I found in the pyproject.toml file. It also suggests using GitHub's private reporting feature (must be enabled in the project settings). Let me know if you'd rather use just one means of reporting and/or change the email.

The policy also contains a 90-day remediation timeline, which I adopted because it's pretty common. But let me know if you'd rather change that (or anything else!).

[codecov]

Codecov Report

Merging #3344 (053a12d) into master (fc03c5d) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3344   +/-   ##
=======================================
  Coverage   98.38%   98.38%           
=======================================
  Files          77       77           
  Lines       24951    24951           
=======================================
  Hits        24548    24548           
  Misses        403      403           

[mwaskom]

I've enabled the private security report feature on the seaborn repo and think I'd prefer that to be the only official route. I don't actually check my "public" email address all that often as it catches a lot of spam.

[pnacht]

Updated.

[mwaskom]

Thanks @pnacht