Add security policy guidelines

Add basic information about process for reporting security vulnerabilities in Espressif solutions.

This filename is recognized by GitHub:
https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Please refer to https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html#support-periods for more details on ESP-IDF supported versions and support period policy.
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability in Espressif solutions (including ESP-IDF), then please send an email to our Bug Bounty team at [email protected]. Please do **NOT** create a public GitHub issue.