Add .well-known/security.txt for RFC 9116 compliance #325

@Hashversion


Currently the repository includes a SECURITY.md file with clear vulnerability reporting instructions.

To improve automated discoverability and align with RFC 9116, it would be beneficial to add a .well-known/security.txt file. This allows security researchers and automated tools to programmatically locate the project’s vulnerability disclosure contact.

Proposed content would reference the existing policy and email without changing any process, for example:

contact: mailto:security@databuddy.cc
policy: link to SECURITY.md
expires: valid future timestamp
preferred-languages: en

This would not modify the current reporting workflow, only improve standards compliance and discoverability.

Happy to open a pull request if this is acceptable.
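
A CI-style check for the proposed file, as an added example that is not part of the original issue or the project's code: it parses a security.txt and reports violations of RFC 9116's required-field, single-occurrence, HTTPS and expiry rules. The policy URL and the timestamp in the sample are constructed placeholders, and the function names are illustrative.

```python
from datetime import datetime, timezone

SINGLE_USE = ("expires", "preferred-languages")  # at most once per file
URI_FIELDS = {"contact", "policy", "acknowledgments", "canonical",
              "encryption", "hiring"}            # values must be URIs


def parse_fields(text):
    """Return (name, value) pairs; field names are case-insensitive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):     # blank line or comment
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields


def validate(text, now=None):
    """Return a list of problems; an empty list means the file passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    names = [name for name, _ in fields]
    problems = [f"missing required field: {r}"
                for r in ("contact", "expires") if r not in names]
    problems += [f"{n} appears {names.count(n)} times, allowed once"
                 for n in SINGLE_USE if names.count(n) > 1]
    for name, value in fields:
        if name in URI_FIELDS and value.lower().startswith("http://"):
            problems.append(f"{name}: web URI must use https://")
        elif name in URI_FIELDS and ":" not in value:
            problems.append(f"{name}: value is not a URI")
        elif name == "expires":
            try:
                expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
            except ValueError:
                problems.append("expires: not an RFC 3339 timestamp")
                continue
            if expires.tzinfo is None:
                problems.append("expires: timestamp has no UTC offset")
            elif expires <= now:
                problems.append("expires: timestamp is in the past")
    return problems


# Constructed sample: contact address from the issue, placeholder policy URL.
SAMPLE = ("Contact: mailto:security@databuddy.cc\n"
          "Policy: https://example.com/SECURITY.md\n"
          "Expires: 2030-01-01T00:00:00Z\nPreferred-Languages: en\n")
```

Running `validate` on a schedule as well as on pull requests catches the case where the committed `Expires` value lapses without the file changing.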
