Add SECURITY.md file

Google's OSS practices recommend adding the standard GitHub SECURITY.md
file with instructions for how to report security issues. This commit
adds the file from our Quantumlib template.

Author: mhucka

.github/SECURITY.md

@@ -0,0 +1,36 @@
+# Reporting security issues
+
+This project's developers and community are committed to addressing security
+bugs promptly and effectively. We appreciate your efforts to disclose your
+findings responsibly, and will make every effort to acknowledge your
+contributions.
+
+Please **do not** use GitHub issues to report security vulnerabilities; GitHub
+issues are public, and doing so could allow someone to exploit the information
+before the problem can be addressed. Instead, please use the *Report a
+vulnerability* interface from the *Security* tab at the top of this GitHub
+repository page.
+
+<div align="center">
+<img width="75%" alt="Location of the report button on the repository page"
+    src="/.github/report-vulnerability-button.png">
+</div>
+
+Please report security issues in third-party modules to the person or team
+maintaining the module rather than this project's stewards, unless you believe
+that some action needs to be taken specifically with this project in order to
+guard against the effects of a security vulnerability in third-party software.
+
+## Responses to security reports
+
+The project stewards at Google Quantum AI will send a response indicating the
+next steps in handling your report. After the initial reply to your report, the
+project stewards will keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+## Additional points of contact
+
+Please contact the project stewards at Google Quantum AI via email at
+quantum-oss-maintainers@google.com if you have questions or other concerns. If
+for any reason you are uncomfortable reaching out to the project stewards,
+please email opensource@google.com instead.